[ 3836.699906] # Subtest: bitfields [ 3836.699928] 1..2 [ 3836.708890] ok 1 - test_bitfields_constants [ 3836.709461] ok 2 - test_bitfields_variables [ 3836.710087] ok 1 - bitfields [ 3837.438619] # Subtest: cmdline [ 3837.438631] 1..4 [ 3837.440041] ok 1 - cmdline_test_noint [ 3837.441199] ok 2 - cmdline_test_lead_int [ 3837.442335] ok 3 - cmdline_test_tail_int [ 3837.444118] ok 4 - cmdline_test_range [ 3837.444676] ok 2 - cmdline [ 3838.124985] # Subtest: ext4_inode_test [ 3838.124998] 1..1 [ 3838.126238] # inode_test_xtimestamp_decoding: ok 1 - 1901-12-13 Lower bound of 32bit < 0 timestamp, no extra bits [ 3838.127213] # inode_test_xtimestamp_decoding: ok 2 - 1969-12-31 Upper bound of 32bit < 0 timestamp, no extra bits [ 3838.129267] # inode_test_xtimestamp_decoding: ok 3 - 1970-01-01 Lower bound of 32bit >=0 timestamp, no extra bits [ 3838.131306] # inode_test_xtimestamp_decoding: ok 4 - 2038-01-19 Upper bound of 32bit >=0 timestamp, no extra bits [ 3838.133336] # inode_test_xtimestamp_decoding: ok 5 - 2038-01-19 Lower bound of 32bit <0 timestamp, lo extra sec bit on [ 3838.135582] # inode_test_xtimestamp_decoding: ok 6 - 2106-02-07 Upper bound of 32bit <0 timestamp, lo extra sec bit on [ 3838.137644] # inode_test_xtimestamp_decoding: ok 7 - 2106-02-07 Lower bound of 32bit >=0 timestamp, lo extra sec bit on [ 3838.139818] # inode_test_xtimestamp_decoding: ok 8 - 2174-02-25 Upper bound of 32bit >=0 timestamp, lo extra sec bit on [ 3838.141880] # inode_test_xtimestamp_decoding: ok 9 - 2174-02-25 Lower bound of 32bit <0 timestamp, hi extra sec bit on [ 3838.144179] # inode_test_xtimestamp_decoding: ok 10 - 2242-03-16 Upper bound of 32bit <0 timestamp, hi extra sec bit on [ 3838.146037] # inode_test_xtimestamp_decoding: ok 11 - 2242-03-16 Lower bound of 32bit >=0 timestamp, hi extra sec bit on [ 3838.148184] # inode_test_xtimestamp_decoding: ok 12 - 2310-04-04 Upper bound of 32bit >=0 timestamp, hi extra sec bit on [ 3838.150076] # inode_test_xtimestamp_decoding: ok 13 - 2310-04-04 Upper bound of 32bit>=0 timestamp, hi extra sec bit 1. 1 ns [ 3838.152453] # inode_test_xtimestamp_decoding: ok 14 - 2378-04-22 Lower bound of 32bit>= timestamp. Extra sec bits 1. Max ns [ 3838.154623] # inode_test_xtimestamp_decoding: ok 15 - 2378-04-22 Lower bound of 32bit >=0 timestamp. All extra sec bits on [ 3838.156931] # inode_test_xtimestamp_decoding: ok 16 - 2446-05-10 Upper bound of 32bit >=0 timestamp. All extra sec bits on [ 3838.158460] ok 1 - inode_test_xtimestamp_decoding [ 3838.159843] ok 3 - ext4_inode_test [ 3839.613109] # Subtest: kunit-try-catch-test [ 3839.613125] 1..2 [ 3839.614980] ok 1 - kunit_test_try_catch_successful_try_no_catch [ 3839.616364] ok 2 - kunit_test_try_catch_unsuccessful_try_does_catch [ 3839.617209] ok 4 - kunit-try-catch-test [ 3839.619515] # Subtest: kunit-resource-test [ 3839.619602] 1..7 [ 3839.621040] ok 1 - kunit_resource_test_init_resources [ 3839.622102] ok 2 - kunit_resource_test_alloc_resource [ 3839.623278] ok 3 - kunit_resource_test_destroy_resource [ 3839.625076] ok 4 - kunit_resource_test_cleanup_resources [ 3839.626429] ok 5 - kunit_resource_test_proper_free_ordering [ 3839.627976] ok 6 - kunit_resource_test_static [ 3839.629264] ok 7 - kunit_resource_test_named [ 3839.630024] ok 5 - kunit-resource-test [ 3839.631350] # Subtest: kunit-log-test [ 3839.631357] 1..1 [ 3839.633239] put this in log. [ 3839.633725] this too. [ 3839.634107] add to suite log. [ 3839.634404] along with this. [ 3839.635789] ok 1 - kunit_log_test [ 3839.636231] ok 6 - kunit-log-test [ 3839.638111] # Subtest: kunit_status [ 3839.638118] 1..2 [ 3839.639358] ok 1 - kunit_status_set_failure_test [ 3839.640329] ok 2 - kunit_status_mark_skipped_test [ 3839.641015] ok 7 - kunit_status [ 3839.803895] # Subtest: rtc_lib_test_cases [ 3839.803906] 1..1 [ 3845.356614] ok 1 - rtc_time64_to_tm_test_date_range [ 3845.375934] ok 8 - rtc_lib_test_cases [ 3845.689462] # Subtest: list-kunit-test [ 3845.689474] 1..36 [ 3845.697459] ok 1 - list_test_list_init [ 3845.698451] ok 2 - list_test_list_add [ 3845.699611] ok 3 - list_test_list_add_tail [ 3845.700648] ok 4 - list_test_list_del [ 3845.702170] ok 5 - list_test_list_replace [ 3845.703515] ok 6 - list_test_list_replace_init [ 3845.704517] ok 7 - list_test_list_swap [ 3845.706279] ok 8 - list_test_list_del_init [ 3845.707684] ok 9 - list_test_list_move [ 3845.708796] ok 10 - list_test_list_move_tail [ 3845.710340] ok 11 - list_test_list_bulk_move_tail [ 3845.711630] ok 12 - list_test_list_is_first [ 3845.712811] ok 13 - list_test_list_is_last [ 3845.714359] ok 14 - list_test_list_empty [ 3845.715667] ok 15 - list_test_list_empty_careful [ 3845.716673] ok 16 - list_test_list_rotate_left [ 3845.718344] ok 17 - list_test_list_rotate_to_front [ 3845.719705] ok 18 - list_test_list_is_singular [ 3845.720792] ok 19 - list_test_list_cut_position [ 3845.722403] ok 20 - list_test_list_cut_before [ 3845.723609] ok 21 - list_test_list_splice [ 3845.725198] ok 22 - list_test_list_splice_tail [ 3845.726446] ok 23 - list_test_list_splice_init [ 3845.727599] ok 24 - list_test_list_splice_tail_init [ 3845.729218] ok 25 - list_test_list_entry [ 3845.730674] ok 26 - list_test_list_first_entry [ 3845.731733] ok 27 - list_test_list_last_entry [ 3845.733309] ok 28 - list_test_list_first_entry_or_null [ 3845.734616] ok 29 - list_test_list_next_entry [ 3845.735834] ok 30 - list_test_list_prev_entry [ 3845.737459] ok 31 - list_test_list_for_each [ 3845.738588] ok 32 - list_test_list_for_each_prev [ 3845.740226] ok 33 - list_test_list_for_each_safe [ 3845.741567] ok 34 - list_test_list_for_each_prev_safe [ 3845.742717] ok 35 - list_test_list_for_each_entry [ 3845.744352] ok 36 - list_test_list_for_each_entry_reverse [ 3845.744999] ok 9 - list-kunit-test [ 3845.907699] # Subtest: memcpy [ 3845.907710] 1..4 [ 3845.913734] # memset_test: ok: memset() direct assignment [ 3845.914805] # memset_test: ok: memset() complete overwrite [ 3845.915548] # memset_test: ok: memset() middle overwrite [ 3845.916251] # memset_test: ok: memset() argument side-effects [ 3845.917060] # memset_test: ok: memset() memset_after() [ 3845.917737] # memset_test: ok: memset() memset_startat() [ 3845.919607] ok 1 - memset_test [ 3845.919861] # memcpy_test: ok: memcpy() static initializers [ 3845.921109] # memcpy_test: ok: memcpy() direct assignment [ 3845.921824] # memcpy_test: ok: memcpy() complete overwrite [ 3845.922563] # memcpy_test: ok: memcpy() middle overwrite [ 3845.923286] # memcpy_test: ok: memcpy() argument side-effects [ 3845.925090] ok 2 - memcpy_test [ 3845.925402] # memmove_test: ok: memmove() static initializers [ 3845.926655] # memmove_test: ok: memmove() direct assignment [ 3845.927395] # memmove_test: ok: memmove() complete overwrite [ 3845.928153] # memmove_test: ok: memmove() middle overwrite [ 3845.928866] # memmove_test: ok: memmove() argument side-effects [ 3845.929646] # memmove_test: ok: memmove() overlapping write [ 3845.934217] ok 3 - memmove_test [ 3845.934808] ok 4 - strtomem_test [ 3845.935455] ok 10 - memcpy [ 3846.124414] # Subtest: mptcp-crypto [ 3846.124426] 1..1 [ 3846.125653] ok 1 - mptcp_crypto_test_basic [ 3846.125967] ok 11 - mptcp-crypto [ 3846.291340] # Subtest: mptcp-token [ 3846.291352] 1..4 [ 3846.294549] ok 1 - mptcp_token_test_req_basic [ 3846.295790] ok 2 - mptcp_token_test_msk_basic [ 3846.296931] ok 3 - mptcp_token_test_accept [ 3846.298495] ok 4 - mptcp_token_test_destroyed [ 3846.299307] ok 12 - mptcp-token [ 3846.739050] # Subtest: rational [ 3846.739070] 1..1 [ 3846.740718] # rational_test: ok 1 - Exceeds bounds, semi-convergent term > 1/2 last term [ 3846.741641] # rational_test: ok 2 - Exceeds bounds, semi-convergent term < 1/2 last term [ 3846.743684] # rational_test: ok 3 - Closest to zero [ 3846.745448] # rational_test: ok 4 - Closest to smallest non-zero [ 3846.746590] # rational_test: ok 5 - Use convergent [ 3846.748309] # rational_test: ok 6 - Exact answer [ 3846.749502] # rational_test: ok 7 - Semiconvergent, numerator limit [ 3846.751187] # rational_test: ok 8 - Semiconvergent, denominator limit [ 3846.752327] ok 1 - rational_test [ 3846.753227] ok 13 - rational [ 3846.915976] # Subtest: resource [ 3846.915988] 1..2 [ 3846.922515] ok 1 - resource_test_union [ 3846.923571] ok 2 - resource_test_intersection [ 3846.924202] ok 14 - resource [ 3847.090282] # Subtest: slub_test [ 3847.090294] 1..2 [ 3847.147936] ok 1 - test_clobber_zone [ 3847.157403] ok 2 - test_clobber_redzone_free [ 3847.157963] ok 15 - slub_test [ 3847.482553] # Subtest: snd_soc_tplg_test [ 3847.482564] 1..11 [ 3847.489775] ok 1 - snd_soc_tplg_test_load_with_null_comp [ 3847.492591] ok 2 - snd_soc_tplg_test_load_with_null_ops [ 3847.496583] ok 3 - snd_soc_tplg_test_load_with_null_fw [ 3847.500570] ok 4 - snd_soc_tplg_test_load_empty_tplg [ 3847.504603] ok 5 - snd_soc_tplg_test_load_empty_tplg_bad_magic [ 3847.508568] ok 6 - snd_soc_tplg_test_load_empty_tplg_bad_abi [ 3847.512565] ok 7 - snd_soc_tplg_test_load_empty_tplg_bad_size [ 3847.519573] ok 8 - snd_soc_tplg_test_load_empty_tplg_bad_payload_size [ 3847.525508] ok 9 - snd_soc_tplg_test_load_pcm_tplg [ 3847.530009] ok 10 - snd_soc_tplg_test_load_pcm_tplg_reload_comp [ 3847.538980] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3847.549379] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3847.609606] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3847.616415] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3847.658174] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3847.664095] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3847.714359] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3847.718970] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3847.752021] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3847.757761] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3847.797800] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3847.803008] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3847.836580] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3847.843191] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3847.876536] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3847.898150] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3847.942421] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3847.950770] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3847.984452] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3847.992550] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3848.024259] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3848.034051] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3848.067100] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3848.072093] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3848.118149] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3848.122783] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3848.156669] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3848.161998] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3848.199001] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3848.204148] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3848.248473] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3848.255586] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3848.300758] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3848.314462] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3848.348643] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3848.354074] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3848.397068] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3848.403743] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3848.432717] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3848.439357] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3848.476600] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3848.487295] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3848.529304] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3848.549214] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3848.584289] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3848.590048] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3848.623539] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3848.628004] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3848.664059] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3848.668575] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3848.703614] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3848.714022] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3848.756507] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3848.762051] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3848.806029] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3848.811068] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3848.843355] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3848.849006] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3848.898349] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3848.903478] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3848.944357] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3848.952960] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3848.996161] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3849.009043] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3849.049074] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3849.054942] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3849.096843] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3849.101845] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3849.146459] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3849.151889] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3849.186404] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3849.203010] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3849.238389] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3849.245078] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3849.284633] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3849.290505] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3849.340188] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3849.346211] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3849.379876] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3849.385885] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3849.422022] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3849.428292] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3849.465506] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3849.471221] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3849.511380] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3849.527039] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3849.568296] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3849.575131] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3849.608883] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3849.616811] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3849.649150] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3849.654865] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3849.687498] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3849.692903] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3849.733155] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3849.738951] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3849.778146] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3849.784665] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3849.829652] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3849.835941] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3849.869540] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3849.875988] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3849.907640] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3849.914482] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3849.980910] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3849.986634] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3850.019144] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3850.025896] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3850.055903] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3850.061910] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3850.094217] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3850.096574] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3850.137874] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3850.202008] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3850.249905] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3850.255898] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3850.286493] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3850.294133] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3850.329547] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3850.335893] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3850.366828] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3850.370607] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3850.408970] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3850.413803] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3850.444511] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3850.450894] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3850.486487] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3850.492914] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3850.525433] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3850.531729] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3850.563251] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3850.568769] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3850.608372] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3850.618254] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3850.646909] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3850.652434] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3850.690840] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3850.696686] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3850.729223] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3850.733573] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3850.764576] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3850.770978] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3850.808548] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3850.815793] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3850.847268] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3850.864747] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3850.901258] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3850.908676] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3850.940730] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3850.945569] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3850.977515] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3850.983760] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3851.021951] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3851.026548] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3851.063097] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3851.065535] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3851.100879] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3851.105493] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3851.137720] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3851.142649] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3851.174467] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3851.191103] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3851.239970] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3851.245822] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3851.276793] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3851.280529] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3851.312983] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3851.318754] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3851.355102] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3851.360879] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3851.398034] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3851.402750] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3851.440396] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3851.446813] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3851.477151] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3851.482920] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3851.513932] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3851.532693] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3851.564883] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3851.570880] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3851.604907] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3851.607352] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3851.644384] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3851.649505] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3851.681995] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3851.688650] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3851.724909] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3851.730644] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3851.761975] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3851.767678] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3851.802084] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3851.807695] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3851.852033] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3851.857970] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3851.901987] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3851.907647] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3851.939304] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3851.944661] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3851.979756] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: Parent card not yet available, widget card binding deferred [ 3851.984456] sound-soc-topology-test-driver sound-soc-topology-test: ASoC: no DMI vendor name! [ 3852.022093] ok 11 - snd_soc_tplg_test_load_pcm_tplg_reload_card [ 3852.022118] ok 16 - snd_soc_tplg_test [ 3852.449428] # Subtest: soc-utils [ 3852.449441] 1..1 [ 3852.460072] ok 1 - test_tdm_params_to_bclk [ 3852.460399] ok 17 - soc-utils [ 3853.431888] # Subtest: sysctl_test [ 3853.431901] 1..10 [ 3853.435623] ok 1 - sysctl_test_api_dointvec_null_tbl_data [ 3853.442497] ok 2 - sysctl_test_api_dointvec_table_maxlen_unset [ 3853.444671] ok 3 - sysctl_test_api_dointvec_table_len_is_zero [ 3853.447544] ok 4 - sysctl_test_api_dointvec_table_read_but_position_set [ 3853.451711] ok 5 - sysctl_test_dointvec_read_happy_single_positive [ 3853.456646] ok 6 - sysctl_test_dointvec_read_happy_single_negative [ 3853.458097] ok 7 - sysctl_test_dointvec_write_happy_single_positive [ 3853.461570] ok 8 - sysctl_test_dointvec_write_happy_single_negative [ 3853.465705] ok 9 - sysctl_test_api_dointvec_write_single_less_int_min [ 3853.468565] ok 10 - sysctl_test_api_dointvec_write_single_greater_int_max [ 3853.469567] ok 18 - sysctl_test [ 3853.857152] # Subtest: bits-test [ 3853.857164] 1..3 [ 3853.861607] ok 1 - genmask_test [ 3853.864603] ok 2 - genmask_ull_test [ 3853.868095] ok 3 - genmask_input_check_test [ 3853.868748] ok 19 - bits-test [ 3855.406356] # Subtest: kasan [ 3855.406375] 1..55 [ 3855.409404] ================================================================== [ 3855.410597] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 3855.411838] Write of size 1 at addr ffff888012d6e173 by task kunit_try_catch/116171 [ 3855.413113] CPU: 0 PID: 116171 Comm: kunit_try_catch Kdump: loaded Not tainted 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3855.414562] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3855.415261] Call Trace: [ 3855.415592] [ 3855.415871] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 3855.416523] dump_stack_lvl+0x57/0x81 [ 3855.417061] print_address_description.constprop.0+0x1f/0x1e0 [ 3855.417807] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 3855.418462] print_report.cold+0x5c/0x237 [ 3855.418975] kasan_report+0xc9/0x100 [ 3855.419423] ? kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 3855.420087] kmalloc_oob_right+0x4ed/0x510 [test_kasan] [ 3855.420739] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan] [ 3855.421389] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370 [ 3855.422116] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3855.422811] ? kunit_add_resource+0x197/0x280 [kunit] [ 3855.423427] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3855.424025] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3855.424637] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3855.425374] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3855.425999] kthread+0x2a4/0x350 [ 3855.426412] ? kthread_complete_and_exit+0x20/0x20 [ 3855.427000] ret_from_fork+0x1f/0x30 [ 3855.427468] [ 3855.427962] Allocated by task 116171: [ 3855.428428] kasan_save_stack+0x1e/0x40 [ 3855.428905] __kasan_kmalloc+0x81/0xa0 [ 3855.429365] kmalloc_oob_right+0x98/0x510 [test_kasan] [ 3855.429991] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3855.430582] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3855.431315] kthread+0x2a4/0x350 [ 3855.431724] ret_from_fork+0x1f/0x30 [ 3855.432373] The buggy address belongs to the object at ffff888012d6e100 which belongs to the cache kmalloc-128 of size 128 [ 3855.433845] The buggy address is located 115 bytes inside of 128-byte region [ffff888012d6e100, ffff888012d6e180) [ 3855.435433] The buggy address belongs to the physical page: [ 3855.436102] page:000000001b9189e8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12d6e [ 3855.437221] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3855.438051] raw: 000fffffc0000200 ffffea000414e380 dead000000000005 ffff8881000418c0 [ 3855.438973] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3855.439895] page dumped because: kasan: bad access detected [ 3855.440773] Memory state around the buggy address: [ 3855.441491] ffff888012d6e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 3855.442351] ffff888012d6e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3855.443213] >ffff888012d6e100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 3855.444077] ^ [ 3855.444894] ffff888012d6e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3855.445762] ffff888012d6e200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3855.446624] ================================================================== [ 3855.447565] Disabling lock debugging due to kernel taint [ 3855.448225] ================================================================== [ 3855.449087] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 3855.450052] Write of size 1 at addr ffff888012d6e178 by task kunit_try_catch/116171 [ 3855.451170] CPU: 0 PID: 116171 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3855.452781] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3855.453474] Call Trace: [ 3855.453824] [ 3855.454139] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 3855.454795] dump_stack_lvl+0x57/0x81 [ 3855.455250] print_address_description.constprop.0+0x1f/0x1e0 [ 3855.455950] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 3855.456597] print_report.cold+0x5c/0x237 [ 3855.457093] kasan_report+0xc9/0x100 [ 3855.457537] ? kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 3855.458193] kmalloc_oob_right+0x4e3/0x510 [test_kasan] [ 3855.458829] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan] [ 3855.459474] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370 [ 3855.460171] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3855.460845] ? kunit_add_resource+0x197/0x280 [kunit] [ 3855.461462] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3855.462061] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3855.462674] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3855.463467] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3855.464097] kthread+0x2a4/0x350 [ 3855.464501] ? kthread_complete_and_exit+0x20/0x20 [ 3855.465093] ret_from_fork+0x1f/0x30 [ 3855.465547] [ 3855.466040] Allocated by task 116171: [ 3855.466490] kasan_save_stack+0x1e/0x40 [ 3855.466963] __kasan_kmalloc+0x81/0xa0 [ 3855.467422] kmalloc_oob_right+0x98/0x510 [test_kasan] [ 3855.468050] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3855.468644] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3855.469382] kthread+0x2a4/0x350 [ 3855.469788] ret_from_fork+0x1f/0x30 [ 3855.470438] The buggy address belongs to the object at ffff888012d6e100 which belongs to the cache kmalloc-128 of size 128 [ 3855.472061] The buggy address is located 120 bytes inside of 128-byte region [ffff888012d6e100, ffff888012d6e180) [ 3855.473644] The buggy address belongs to the physical page: [ 3855.474314] page:000000001b9189e8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12d6e [ 3855.475411] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3855.476233] raw: 000fffffc0000200 ffffea000414e380 dead000000000005 ffff8881000418c0 [ 3855.477150] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3855.478070] page dumped because: kasan: bad access detected [ 3855.478945] Memory state around the buggy address: [ 3855.479535] ffff888012d6e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 3855.480399] ffff888012d6e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3855.481261] >ffff888012d6e100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 3855.482125] ^ [ 3855.482978] ffff888012d6e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3855.483842] ffff888012d6e200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3855.484704] ================================================================== [ 3855.485581] ================================================================== [ 3855.486448] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 3855.487411] Read of size 1 at addr ffff888012d6e180 by task kunit_try_catch/116171 [ 3855.488536] CPU: 0 PID: 116171 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3855.490334] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3855.491113] Call Trace: [ 3855.491461] [ 3855.491776] ? kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 3855.492505] dump_stack_lvl+0x57/0x81 [ 3855.493040] print_address_description.constprop.0+0x1f/0x1e0 [ 3855.493825] ? kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 3855.494529] print_report.cold+0x5c/0x237 [ 3855.495026] kasan_report+0xc9/0x100 [ 3855.495471] ? kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 3855.496132] kmalloc_oob_right+0x4d9/0x510 [test_kasan] [ 3855.496794] ? kmalloc_oob_left+0x2e0/0x2e0 [test_kasan] [ 3855.497477] ? lockdep_hardirqs_on_prepare.part.0+0x18c/0x370 [ 3855.498183] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3855.498862] ? kunit_add_resource+0x197/0x280 [kunit] [ 3855.499479] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3855.500080] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3855.500703] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3855.501629] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3855.502299] kthread+0x2a4/0x350 [ 3855.502709] ? kthread_complete_and_exit+0x20/0x20 [ 3855.503295] ret_from_fork+0x1f/0x30 [ 3855.503750] [ 3855.504236] Allocated by task 116171: [ 3855.504690] kasan_save_stack+0x1e/0x40 [ 3855.505160] __kasan_kmalloc+0x81/0xa0 [ 3855.505620] kmalloc_oob_right+0x98/0x510 [test_kasan] [ 3855.506243] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3855.506838] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3855.507571] kthread+0x2a4/0x350 [ 3855.507980] ret_from_fork+0x1f/0x30 [ 3855.508628] The buggy address belongs to the object at ffff888012d6e100 which belongs to the cache kmalloc-128 of size 128 [ 3855.510093] The buggy address is located 0 bytes to the right of 128-byte region [ffff888012d6e100, ffff888012d6e180) [ 3855.511710] The buggy address belongs to the physical page: [ 3855.512399] page:000000001b9189e8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12d6e [ 3855.513625] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3855.514479] raw: 000fffffc0000200 ffffea000414e380 dead000000000005 ffff8881000418c0 [ 3855.515401] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3855.516321] page dumped because: kasan: bad access detected [ 3855.517194] Memory state around the buggy address: [ 3855.517778] ffff888012d6e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3855.518638] ffff888012d6e100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 3855.519500] >ffff888012d6e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3855.520363] ^ [ 3855.520771] ffff888012d6e200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3855.521630] ffff888012d6e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3855.522495] ================================================================== [ 3855.524278] ok 1 - kmalloc_oob_right [ 3855.526350] ================================================================== [ 3855.527730] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 3855.528691] Read of size 1 at addr ffff8880479e749f by task kunit_try_catch/116172 [ 3855.529800] CPU: 0 PID: 116172 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3855.531708] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3855.532399] Call Trace: [ 3855.532716] [ 3855.532990] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 3855.533635] dump_stack_lvl+0x57/0x81 [ 3855.534097] print_address_description.constprop.0+0x1f/0x1e0 [ 3855.534799] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 3855.535442] print_report.cold+0x5c/0x237 [ 3855.535953] kasan_report+0xc9/0x100 [ 3855.536400] ? kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 3855.537054] kmalloc_oob_left+0x2bf/0x2e0 [test_kasan] [ 3855.537682] ? kmalloc_pagealloc_oob_right+0x290/0x290 [test_kasan] [ 3855.538437] ? do_raw_spin_trylock+0xb5/0x180 [ 3855.538985] ? do_raw_spin_lock+0x270/0x270 [ 3855.539501] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3855.540207] ? kunit_add_resource+0x197/0x280 [kunit] [ 3855.540904] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3855.541552] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3855.542173] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3855.542911] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3855.543536] kthread+0x2a4/0x350 [ 3855.543946] ? kthread_complete_and_exit+0x20/0x20 [ 3855.544534] ret_from_fork+0x1f/0x30 [ 3855.544994] [ 3855.545486] Allocated by task 116086: [ 3855.545940] kasan_save_stack+0x1e/0x40 [ 3855.546412] __kasan_kmalloc+0x81/0xa0 [ 3855.546879] proc_self_get_link+0x165/0x1d0 [ 3855.547419] pick_link+0x86c/0xfb0 [ 3855.547859] step_into+0x507/0xd50 [ 3855.548284] walk_component+0x11f/0x5b0 [ 3855.548760] link_path_walk.part.0.constprop.0+0x567/0xb90 [ 3855.549420] path_lookupat+0x79/0x6b0 [ 3855.549878] filename_lookup+0x19b/0x520 [ 3855.550359] user_path_at_empty+0x3a/0x60 [ 3855.550854] do_utimes+0xe9/0x190 [ 3855.551274] __x64_sys_utimensat+0x150/0x200 [ 3855.551805] do_syscall_64+0x59/0x90 [ 3855.552274] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3855.553105] Freed by task 116086: [ 3855.553520] kasan_save_stack+0x1e/0x40 [ 3855.554015] kasan_set_track+0x21/0x30 [ 3855.554532] kasan_set_free_info+0x20/0x40 [ 3855.555106] __kasan_slab_free+0x108/0x170 [ 3855.555605] slab_free_freelist_hook+0x11d/0x1d0 [ 3855.556180] kfree+0xe2/0x3c0 [ 3855.556560] walk_component+0x1ee/0x5b0 [ 3855.557036] link_path_walk.part.0.constprop.0+0x485/0xb90 [ 3855.557699] path_lookupat+0x79/0x6b0 [ 3855.558153] filename_lookup+0x19b/0x520 [ 3855.558635] user_path_at_empty+0x3a/0x60 [ 3855.559133] do_utimes+0xe9/0x190 [ 3855.559548] __x64_sys_utimensat+0x150/0x200 [ 3855.560078] do_syscall_64+0x59/0x90 [ 3855.560521] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 3855.561552] The buggy address belongs to the object at ffff8880479e7480 which belongs to the cache kmalloc-16 of size 16 [ 3855.563069] The buggy address is located 15 bytes to the right of 16-byte region [ffff8880479e7480, ffff8880479e7490) [ 3855.564789] The buggy address belongs to the physical page: [ 3855.565457] page:000000000ed2cf28 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x479e7 [ 3855.566561] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3855.567462] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 3855.568464] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3855.569459] page dumped because: kasan: bad access detected [ 3855.570442] Memory state around the buggy address: [ 3855.571098] ffff8880479e7380: 00 00 fc fc fa fb fc fc 00 00 fc fc fb fb fc fc [ 3855.572064] ffff8880479e7400: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3855.573031] >ffff8880479e7480: fa fb fc fc 00 07 fc fc 00 00 fc fc fa fb fc fc [ 3855.573997] ^ [ 3855.574546] ffff8880479e7500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 3855.575472] ffff8880479e7580: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc [ 3855.576342] ================================================================== [ 3855.580249] ok 2 - kmalloc_oob_left [ 3855.582374] ================================================================== [ 3855.583744] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 3855.584904] Read of size 1 at addr ffff88809475b000 by task kunit_try_catch/116173 [ 3855.586040] CPU: 0 PID: 116173 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3855.587659] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3855.588356] Call Trace: [ 3855.588666] [ 3855.588945] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 3855.589656] dump_stack_lvl+0x57/0x81 [ 3855.590116] print_address_description.constprop.0+0x1f/0x1e0 [ 3855.590825] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 3855.591766] print_report.cold+0x5c/0x237 [ 3855.592313] kasan_report+0xc9/0x100 [ 3855.592765] ? kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 3855.593560] kmalloc_node_oob_right+0x2bf/0x2e0 [test_kasan] [ 3855.594337] ? pagealloc_uaf+0x2f0/0x2f0 [test_kasan] [ 3855.594987] ? do_raw_spin_trylock+0xb5/0x180 [ 3855.595525] ? do_raw_spin_lock+0x270/0x270 [ 3855.596045] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3855.596719] ? kunit_add_resource+0x197/0x280 [kunit] [ 3855.597338] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3855.597935] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3855.598552] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3855.599293] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3855.599920] kthread+0x2a4/0x350 [ 3855.600332] ? kthread_complete_and_exit+0x20/0x20 [ 3855.600922] ret_from_fork+0x1f/0x30 [ 3855.601374] [ 3855.601869] Allocated by task 116173: [ 3855.602322] kasan_save_stack+0x1e/0x40 [ 3855.602822] __kasan_kmalloc+0x81/0xa0 [ 3855.603340] kmalloc_node_oob_right+0x9a/0x2e0 [test_kasan] [ 3855.604083] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3855.604729] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3855.605550] kthread+0x2a4/0x350 [ 3855.605975] ret_from_fork+0x1f/0x30 [ 3855.606623] The buggy address belongs to the object at ffff88809475a000 which belongs to the cache kmalloc-4k of size 4096 [ 3855.608088] The buggy address is located 0 bytes to the right of 4096-byte region [ffff88809475a000, ffff88809475b000) [ 3855.614559] The buggy address belongs to the physical page: [ 3855.615234] page:00000000ee7cfc6f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x94758 [ 3855.616340] head:00000000ee7cfc6f order:3 compound_mapcount:0 compound_pincount:0 [ 3855.617234] flags: 0xfffffc0010200(slab|head|node=0|zone=1|lastcpupid=0x1fffff) [ 3855.618195] raw: 000fffffc0010200 ffffea00026ff400 dead000000000003 ffff888100042140 [ 3855.619227] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000 [ 3855.620252] page dumped because: kasan: bad access detected [ 3855.621384] Memory state around the buggy address: [ 3855.622041] ffff88809475af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3855.623000] ffff88809475af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3855.623942] >ffff88809475b000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3855.624804] ^ [ 3855.625207] ffff88809475b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3855.626070] ffff88809475b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3855.626930] ================================================================== [ 3855.628470] ok 3 - kmalloc_node_oob_right [ 3855.630322] ================================================================== [ 3855.631839] BUG: KASAN: slab-out-of-bounds in kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 3855.632915] Write of size 1 at addr ffff8880893e200a by task kunit_try_catch/116174 [ 3855.634034] CPU: 0 PID: 116174 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3855.635758] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3855.636451] Call Trace: [ 3855.636770] [ 3855.637046] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 3855.637809] dump_stack_lvl+0x57/0x81 [ 3855.638265] print_address_description.constprop.0+0x1f/0x1e0 [ 3855.638965] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 3855.639729] print_report.cold+0x5c/0x237 [ 3855.640224] kasan_report+0xc9/0x100 [ 3855.640687] ? kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 3855.641443] kmalloc_pagealloc_oob_right+0x27b/0x290 [test_kasan] [ 3855.642189] ? kmalloc_pagealloc_uaf+0x280/0x280 [test_kasan] [ 3855.642890] ? do_raw_spin_trylock+0xb5/0x180 [ 3855.643426] ? do_raw_spin_lock+0x270/0x270 [ 3855.643946] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3855.644625] ? kunit_add_resource+0x197/0x280 [kunit] [ 3855.645247] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3855.645847] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3855.646462] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3855.647203] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3855.647831] kthread+0x2a4/0x350 [ 3855.648237] ? kthread_complete_and_exit+0x20/0x20 [ 3855.648828] ret_from_fork+0x1f/0x30 [ 3855.649284] [ 3855.649781] The buggy address belongs to the physical page: [ 3855.650445] page:0000000082d2bfde refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x893e0 [ 3855.651794] head:0000000082d2bfde order:2 compound_mapcount:0 compound_pincount:0 [ 3855.652743] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 3855.653562] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 3855.654486] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 3855.655503] page dumped because: kasan: bad access detected [ 3855.656441] Memory state around the buggy address: [ 3855.657029] ffff8880893e1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3855.657895] ffff8880893e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3855.658761] >ffff8880893e2000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3855.659625] ^ [ 3855.660062] ffff8880893e2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3855.660930] ffff8880893e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3855.661794] ================================================================== [ 3855.662792] ok 4 - kmalloc_pagealloc_oob_right [ 3855.665273] ================================================================== [ 3855.666928] BUG: KASAN: use-after-free in kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 3855.668018] Read of size 1 at addr ffff8880893e0000 by task kunit_try_catch/116175 [ 3855.669193] CPU: 0 PID: 116175 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3855.671004] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3855.671784] Call Trace: [ 3855.672132] [ 3855.672440] ? kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 3855.673228] dump_stack_lvl+0x57/0x81 [ 3855.673740] print_address_description.constprop.0+0x1f/0x1e0 [ 3855.674519] ? kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 3855.675277] print_report.cold+0x5c/0x237 [ 3855.675784] kasan_report+0xc9/0x100 [ 3855.676231] ? kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 3855.676936] kmalloc_pagealloc_uaf+0x26b/0x280 [test_kasan] [ 3855.677610] ? kmalloc_pagealloc_invalid_free+0x250/0x250 [test_kasan] [ 3855.678395] ? do_raw_spin_trylock+0xb5/0x180 [ 3855.678939] ? do_raw_spin_lock+0x270/0x270 [ 3855.679455] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3855.680131] ? kunit_add_resource+0x197/0x280 [kunit] [ 3855.680808] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3855.681610] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3855.682300] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3855.683042] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3855.683670] kthread+0x2a4/0x350 [ 3855.684080] ? kthread_complete_and_exit+0x20/0x20 [ 3855.684673] ret_from_fork+0x1f/0x30 [ 3855.685127] [ 3855.685617] The buggy address belongs to the physical page: [ 3855.686285] page:0000000082d2bfde refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x893e0 [ 3855.687472] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 3855.688342] raw: 000fffffc0000000 ffffea00005bb808 ffff88810c200270 0000000000000000 [ 3855.689375] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 3855.690403] page dumped because: kasan: bad access detected [ 3855.691392] Memory state around the buggy address: [ 3855.691978] ffff8880893dff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3855.692882] ffff8880893dff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3855.693847] >ffff8880893e0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 3855.694790] ^ [ 3855.695194] ffff8880893e0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 3855.696060] ffff8880893e0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 3855.696924] ================================================================== [ 3855.698093] ok 5 - kmalloc_pagealloc_uaf [ 3855.700333] ================================================================== [ 3855.701758] BUG: KASAN: double-free or invalid-free in kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 3855.703157] CPU: 0 PID: 116176 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3855.704771] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3855.705464] Call Trace: [ 3855.705778] [ 3855.706055] dump_stack_lvl+0x57/0x81 [ 3855.706512] print_address_description.constprop.0+0x1f/0x1e0 [ 3855.707215] print_report.cold+0x5c/0x237 [ 3855.707712] ? kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 3855.708493] ? kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 3855.709285] kasan_report_invalid_free+0x99/0xc0 [ 3855.709858] ? kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 3855.710646] kfree+0x2ab/0x3c0 [ 3855.711188] kmalloc_pagealloc_invalid_free+0x191/0x250 [test_kasan] [ 3855.711980] ? kmalloc_large_oob_right+0x2b0/0x2b0 [test_kasan] [ 3855.712733] ? do_raw_spin_trylock+0xb5/0x180 [ 3855.713275] ? do_raw_spin_lock+0x270/0x270 [ 3855.713827] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3855.714584] ? kunit_add_resource+0x197/0x280 [kunit] [ 3855.715209] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3855.715808] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3855.716423] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3855.717163] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3855.717790] kthread+0x2a4/0x350 [ 3855.718194] ? kthread_complete_and_exit+0x20/0x20 [ 3855.718787] ret_from_fork+0x1f/0x30 [ 3855.719244] [ 3855.719739] The buggy address belongs to the physical page: [ 3855.720409] page:0000000082d2bfde refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x893e0 [ 3855.721512] head:0000000082d2bfde order:2 compound_mapcount:0 compound_pincount:0 [ 3855.722409] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 3855.723230] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 3855.724155] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 3855.725075] page dumped because: kasan: bad access detected [ 3855.725957] Memory state around the buggy address: [ 3855.726540] ffff8880893dff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3855.727407] ffff8880893dff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3855.728276] >ffff8880893e0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3855.729141] ^ [ 3855.729547] ffff8880893e0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3855.730418] ffff8880893e0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3855.731284] ================================================================== [ 3855.734319] ok 6 - kmalloc_pagealloc_invalid_free [ 3855.739277] ok 7 - pagealloc_oob_right # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 3855.742407] ================================================================== [ 3855.744244] BUG: KASAN: use-after-free in pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 3855.745137] Read of size 1 at addr ffff888004250000 by task kunit_try_catch/116178 [ 3855.746247] CPU: 0 PID: 116178 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3855.747908] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3855.748671] Call Trace: [ 3855.749020] [ 3855.749327] ? pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 3855.750022] dump_stack_lvl+0x57/0x81 [ 3855.750540] print_address_description.constprop.0+0x1f/0x1e0 [ 3855.751244] ? pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 3855.751869] print_report.cold+0x5c/0x237 [ 3855.752364] kasan_report+0xc9/0x100 [ 3855.752851] ? pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 3855.753498] pagealloc_uaf+0x2b5/0x2f0 [test_kasan] [ 3855.754104] ? krealloc_more_oob+0x10/0x10 [test_kasan] [ 3855.754744] ? do_raw_spin_trylock+0xb5/0x180 [ 3855.755286] ? do_raw_spin_lock+0x270/0x270 [ 3855.755809] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3855.756487] ? kunit_add_resource+0x197/0x280 [kunit] [ 3855.757110] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3855.757711] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3855.758328] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3855.759071] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3855.759701] kthread+0x2a4/0x350 [ 3855.760109] ? kthread_complete_and_exit+0x20/0x20 [ 3855.760702] ret_from_fork+0x1f/0x30 [ 3855.761157] [ 3855.761650] The buggy address belongs to the physical page: [ 3855.762321] page:000000006b16cb22 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x4250 [ 3855.763443] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 3855.764325] raw: 000fffffc0000000 ffffea0000110408 ffff88813ffd3aa0 0000000000000000 [ 3855.765278] raw: 0000000000000000 0000000000000004 00000000ffffff7f 0000000000000000 [ 3855.766201] page dumped because: kasan: bad access detected [ 3855.767077] Memory state around the buggy address: [ 3855.767672] ffff88800424ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3855.768532] ffff88800424ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3855.769394] >ffff888004250000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 3855.770254] ^ [ 3855.770655] ffff888004250080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 3855.771728] ffff888004250100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 3855.772647] ================================================================== [ 3855.773729] ok 8 - pagealloc_uaf [ 3855.775271] ================================================================== [ 3855.776608] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 3855.777642] Write of size 1 at addr ffff8880a0655f00 by task kunit_try_catch/116179 [ 3855.778766] CPU: 0 PID: 116179 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3855.780382] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3855.781082] Call Trace: [ 3855.781437] [ 3855.781749] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 3855.782560] dump_stack_lvl+0x57/0x81 [ 3855.783077] print_address_description.constprop.0+0x1f/0x1e0 [ 3855.783809] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 3855.784524] print_report.cold+0x5c/0x237 [ 3855.785029] kasan_report+0xc9/0x100 [ 3855.785526] ? kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 3855.786331] kmalloc_large_oob_right+0x28c/0x2b0 [test_kasan] [ 3855.787091] ? kmalloc_oob_16+0x3b0/0x3b0 [test_kasan] [ 3855.787790] ? do_raw_spin_trylock+0xb5/0x180 [ 3855.788389] ? do_raw_spin_lock+0x270/0x270 [ 3855.788976] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3855.789740] ? kunit_add_resource+0x197/0x280 [kunit] [ 3855.790438] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3855.791043] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3855.791738] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3855.792562] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3855.793263] kthread+0x2a4/0x350 [ 3855.793728] ? kthread_complete_and_exit+0x20/0x20 [ 3855.794383] ret_from_fork+0x1f/0x30 [ 3855.794879] [ 3855.795369] Allocated by task 116179: [ 3855.795825] kasan_save_stack+0x1e/0x40 [ 3855.796328] __kasan_kmalloc+0x81/0xa0 [ 3855.796856] kmalloc_large_oob_right+0x98/0x2b0 [test_kasan] [ 3855.797544] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3855.798145] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3855.798883] kthread+0x2a4/0x350 [ 3855.799288] ret_from_fork+0x1f/0x30 [ 3855.799942] The buggy address belongs to the object at ffff8880a0654000 which belongs to the cache kmalloc-8k of size 8192 [ 3855.801659] The buggy address is located 7936 bytes inside of 8192-byte region [ffff8880a0654000, ffff8880a0656000) [ 3855.803352] The buggy address belongs to the physical page: [ 3855.804022] page:00000000b4790534 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa0650 [ 3855.805127] head:00000000b4790534 order:3 compound_mapcount:0 compound_pincount:0 [ 3855.806022] flags: 0xfffffc0010200(slab|head|node=0|zone=1|lastcpupid=0x1fffff) [ 3855.806903] raw: 000fffffc0010200 ffffea000011ca00 dead000000000004 ffff888100042280 [ 3855.807823] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000 [ 3855.808746] page dumped because: kasan: bad access detected [ 3855.809616] Memory state around the buggy address: [ 3855.810202] ffff8880a0655e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3855.811064] ffff8880a0655e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3855.811933] >ffff8880a0655f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3855.812827] ^ [ 3855.813280] ffff8880a0655f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3855.814230] ffff8880a0656000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3855.815195] ================================================================== [ 3855.818333] ok 9 - kmalloc_large_oob_right [ 3855.822432] ================================================================== [ 3855.823880] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 3855.824997] Write of size 1 at addr ffff8881071074eb by task kunit_try_catch/116180 [ 3855.826115] CPU: 0 PID: 116180 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3855.827722] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3855.828410] Call Trace: [ 3855.828726] [ 3855.829000] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 3855.829730] dump_stack_lvl+0x57/0x81 [ 3855.830184] print_address_description.constprop.0+0x1f/0x1e0 [ 3855.831061] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 3855.831897] print_report.cold+0x5c/0x237 [ 3855.832468] kasan_report+0xc9/0x100 [ 3855.832968] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 3855.833697] krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 3855.834403] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 3855.835042] ? rcu_read_lock_sched_held+0x12/0x80 [ 3855.835667] ? rcu_read_lock_sched_held+0x12/0x80 [ 3855.836316] ? lock_acquire+0x4ea/0x620 [ 3855.836825] ? rcu_read_unlock+0x40/0x40 [ 3855.837320] ? rcu_read_unlock+0x40/0x40 [ 3855.837804] ? rcu_read_lock_sched_held+0x12/0x80 [ 3855.838380] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3855.839058] ? do_raw_spin_lock+0x270/0x270 [ 3855.839571] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3855.840310] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3855.840917] ? kunit_add_resource+0x197/0x280 [kunit] [ 3855.841537] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3855.842132] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3855.842755] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3855.843581] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3855.844249] kthread+0x2a4/0x350 [ 3855.844663] ? kthread_complete_and_exit+0x20/0x20 [ 3855.845247] ret_from_fork+0x1f/0x30 [ 3855.845707] [ 3855.846196] Allocated by task 116180: [ 3855.846649] kasan_save_stack+0x1e/0x40 [ 3855.847125] __kasan_krealloc+0xee/0x160 [ 3855.847604] krealloc+0x50/0xe0 [ 3855.848014] krealloc_more_oob_helper+0x1d5/0x610 [test_kasan] [ 3855.848725] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3855.849318] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3855.850056] kthread+0x2a4/0x350 [ 3855.850460] ret_from_fork+0x1f/0x30 [ 3855.851116] Last potentially related work creation: [ 3855.851721] kasan_save_stack+0x1e/0x40 [ 3855.852193] __kasan_record_aux_stack+0x96/0xb0 [ 3855.852753] kvfree_call_rcu+0x7d/0x840 [ 3855.853229] dma_resv_list_free.part.0+0xd4/0x130 [ 3855.853831] dma_resv_fini+0x38/0x50 [ 3855.854273] drm_gem_object_release+0x73/0x100 [drm] [ 3855.855056] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 3855.855656] ttm_bo_release+0x688/0xbc0 [ttm] [ 3855.856218] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 3855.856833] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 3855.857530] process_one_work+0x8e2/0x1520 [ 3855.858038] worker_thread+0x59e/0xf90 [ 3855.858499] kthread+0x2a4/0x350 [ 3855.858904] ret_from_fork+0x1f/0x30 [ 3855.859555] Second to last potentially related work creation: [ 3855.860251] kasan_save_stack+0x1e/0x40 [ 3855.860723] __kasan_record_aux_stack+0x96/0xb0 [ 3855.861487] kvfree_call_rcu+0x7d/0x840 [ 3855.862019] dma_resv_list_free.part.0+0xd4/0x130 [ 3855.862619] dma_resv_fini+0x38/0x50 [ 3855.863067] drm_gem_object_release+0x73/0x100 [drm] [ 3855.863709] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 3855.864287] ttm_bo_release+0x688/0xbc0 [ttm] [ 3855.864830] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 3855.865516] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 3855.866176] process_one_work+0x8e2/0x1520 [ 3855.866680] worker_thread+0x59e/0xf90 [ 3855.868582] kthread+0x2a4/0x350 [ 3855.870066] ret_from_fork+0x1f/0x30 [ 3855.872351] The buggy address belongs to the object at ffff888107107400 which belongs to the cache kmalloc-256 of size 256 [ 3855.877090] The buggy address is located 235 bytes inside of 256-byte region [ffff888107107400, ffff888107107500) [ 3855.881978] The buggy address belongs to the physical page: [ 3855.882836] page:0000000040bc3d0d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107107 [ 3855.884256] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 3855.885322] raw: 0017ffffc0000200 ffffea000004eac0 dead000000000007 ffff888100041b40 [ 3855.886513] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 3855.887696] page dumped because: kasan: bad access detected [ 3855.888829] Memory state around the buggy address: [ 3855.889572] ffff888107107380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3855.890682] ffff888107107400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3855.891964] >ffff888107107480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 3855.893026] ^ [ 3855.893910] ffff888107107500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3855.894827] ffff888107107580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3855.895755] ================================================================== [ 3855.896897] ================================================================== [ 3855.897827] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 3855.898962] Write of size 1 at addr ffff8881071074f0 by task kunit_try_catch/116180 [ 3855.900157] CPU: 0 PID: 116180 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3855.901869] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3855.902620] Call Trace: [ 3855.902952] [ 3855.903246] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 3855.904050] dump_stack_lvl+0x57/0x81 [ 3855.904524] print_address_description.constprop.0+0x1f/0x1e0 [ 3855.905259] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 3855.906039] print_report.cold+0x5c/0x237 [ 3855.906571] kasan_report+0xc9/0x100 [ 3855.907050] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 3855.907829] krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 3855.908606] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 3855.909320] ? rcu_read_lock_sched_held+0x12/0x80 [ 3855.909982] ? rcu_read_lock_sched_held+0x12/0x80 [ 3855.910623] ? lock_acquire+0x4ea/0x620 [ 3855.911191] ? rcu_read_unlock+0x40/0x40 [ 3855.911738] ? rcu_read_unlock+0x40/0x40 [ 3855.912245] ? rcu_read_lock_sched_held+0x12/0x80 [ 3855.912861] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3855.913578] ? do_raw_spin_lock+0x270/0x270 [ 3855.914134] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3855.914923] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3855.915564] ? kunit_add_resource+0x197/0x280 [kunit] [ 3855.916216] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3855.916834] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3855.917465] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3855.918279] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3855.918947] kthread+0x2a4/0x350 [ 3855.919387] ? kthread_complete_and_exit+0x20/0x20 [ 3855.920014] ret_from_fork+0x1f/0x30 [ 3855.920506] [ 3855.921181] Allocated by task 116180: [ 3855.921668] kasan_save_stack+0x1e/0x40 [ 3855.922205] __kasan_krealloc+0xee/0x160 [ 3855.922769] krealloc+0x50/0xe0 [ 3855.923196] krealloc_more_oob_helper+0x1d5/0x610 [test_kasan] [ 3855.923972] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3855.924630] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3855.925490] kthread+0x2a4/0x350 [ 3855.925973] ret_from_fork+0x1f/0x30 [ 3855.926666] Last potentially related work creation: [ 3855.927298] kasan_save_stack+0x1e/0x40 [ 3855.927805] __kasan_record_aux_stack+0x96/0xb0 [ 3855.928390] kvfree_call_rcu+0x7d/0x840 [ 3855.928906] dma_resv_list_free.part.0+0xd4/0x130 [ 3855.929499] dma_resv_fini+0x38/0x50 [ 3855.929966] drm_gem_object_release+0x73/0x100 [drm] [ 3855.930671] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 3855.931299] ttm_bo_release+0x688/0xbc0 [ttm] [ 3855.931888] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 3855.932555] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 3855.933230] process_one_work+0x8e2/0x1520 [ 3855.933742] worker_thread+0x59e/0xf90 [ 3855.934248] kthread+0x2a4/0x350 [ 3855.934683] ret_from_fork+0x1f/0x30 [ 3855.935367] Second to last potentially related work creation: [ 3855.936107] kasan_save_stack+0x1e/0x40 [ 3855.936605] __kasan_record_aux_stack+0x96/0xb0 [ 3855.937201] kvfree_call_rcu+0x7d/0x840 [ 3855.937703] dma_resv_list_free.part.0+0xd4/0x130 [ 3855.938352] dma_resv_fini+0x38/0x50 [ 3855.938858] drm_gem_object_release+0x73/0x100 [drm] [ 3855.939546] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 3855.940297] ttm_bo_release+0x688/0xbc0 [ttm] [ 3855.941273] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 3855.942169] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 3855.943152] process_one_work+0x8e2/0x1520 [ 3855.943886] worker_thread+0x59e/0xf90 [ 3855.944576] kthread+0x2a4/0x350 [ 3855.945187] ret_from_fork+0x1f/0x30 [ 3855.946145] The buggy address belongs to the object at ffff888107107400 which belongs to the cache kmalloc-256 of size 256 [ 3855.948308] The buggy address is located 240 bytes inside of 256-byte region [ffff888107107400, ffff888107107500) [ 3855.950803] The buggy address belongs to the physical page: [ 3855.952089] page:0000000040bc3d0d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107107 [ 3855.953748] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 3855.954976] raw: 0017ffffc0000200 ffffea000004eac0 dead000000000007 ffff888100041b40 [ 3855.956402] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 3855.957911] page dumped because: kasan: bad access detected [ 3855.959315] Memory state around the buggy address: [ 3855.960191] ffff888107107380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3855.961461] ffff888107107400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3855.962734] >ffff888107107480: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 3855.964042] ^ [ 3855.965339] ffff888107107500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3855.966681] ffff888107107580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3855.967968] ================================================================== [ 3855.969956] ok 10 - krealloc_more_oob [ 3855.972334] ================================================================== [ 3855.974353] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 3855.975875] Write of size 1 at addr ffff8880013ab4c9 by task kunit_try_catch/116181 [ 3855.977520] CPU: 0 PID: 116181 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3855.979914] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3855.981142] Call Trace: [ 3855.981671] [ 3855.982127] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 3855.983260] dump_stack_lvl+0x57/0x81 [ 3855.983929] print_address_description.constprop.0+0x1f/0x1e0 [ 3855.984963] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 3855.986044] print_report.cold+0x5c/0x237 [ 3855.986771] kasan_report+0xc9/0x100 [ 3855.987439] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 3855.988503] krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 3855.989555] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 3855.990442] ? rcu_read_lock_sched_held+0x12/0x80 [ 3855.991296] ? rcu_read_lock_sched_held+0x12/0x80 [ 3855.992156] ? lock_acquire+0x4ea/0x620 [ 3855.992852] ? rcu_read_unlock+0x40/0x40 [ 3855.993567] ? rcu_read_unlock+0x40/0x40 [ 3855.994285] ? rcu_read_lock_sched_held+0x12/0x80 [ 3855.995136] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3855.996145] ? do_raw_spin_lock+0x270/0x270 [ 3855.996898] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3856.005006] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3856.005907] ? kunit_add_resource+0x197/0x280 [kunit] [ 3856.006820] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.007705] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3856.008599] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.009689] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3856.010601] kthread+0x2a4/0x350 [ 3856.011210] ? kthread_complete_and_exit+0x20/0x20 [ 3856.011796] ret_from_fork+0x1f/0x30 [ 3856.012248] [ 3856.012738] Allocated by task 116181: [ 3856.013193] kasan_save_stack+0x1e/0x40 [ 3856.013667] __kasan_krealloc+0xee/0x160 [ 3856.014144] krealloc+0x50/0xe0 [ 3856.014539] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 3856.015241] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.015917] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.016705] kthread+0x2a4/0x350 [ 3856.017105] ret_from_fork+0x1f/0x30 [ 3856.017834] Last potentially related work creation: [ 3856.018492] kasan_save_stack+0x1e/0x40 [ 3856.018963] __kasan_record_aux_stack+0x96/0xb0 [ 3856.019513] kvfree_call_rcu+0x7d/0x840 [ 3856.019985] dma_resv_list_free.part.0+0xd4/0x130 [ 3856.020556] dma_resv_fini+0x38/0x50 [ 3856.021000] drm_gem_object_release+0x73/0x100 [drm] [ 3856.021642] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 3856.022218] ttm_bo_release+0x688/0xbc0 [ttm] [ 3856.022762] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 3856.023362] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 3856.024017] process_one_work+0x8e2/0x1520 [ 3856.024513] worker_thread+0x59e/0xf90 [ 3856.024973] kthread+0x2a4/0x350 [ 3856.025377] ret_from_fork+0x1f/0x30 [ 3856.026024] Second to last potentially related work creation: [ 3856.026717] kasan_save_stack+0x1e/0x40 [ 3856.027185] __kasan_record_aux_stack+0x96/0xb0 [ 3856.027738] kvfree_call_rcu+0x7d/0x840 [ 3856.028204] dma_resv_list_free.part.0+0xd4/0x130 [ 3856.028776] dma_resv_fini+0x38/0x50 [ 3856.029216] drm_gem_object_release+0x73/0x100 [drm] [ 3856.029860] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 3856.030433] ttm_bo_release+0x688/0xbc0 [ttm] [ 3856.030972] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 3856.031573] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 3856.032230] process_one_work+0x8e2/0x1520 [ 3856.032729] worker_thread+0x59e/0xf90 [ 3856.033186] kthread+0x2a4/0x350 [ 3856.033587] ret_from_fork+0x1f/0x30 [ 3856.034235] The buggy address belongs to the object at ffff8880013ab400 which belongs to the cache kmalloc-256 of size 256 [ 3856.035693] The buggy address is located 201 bytes inside of 256-byte region [ffff8880013ab400, ffff8880013ab500) [ 3856.037267] The buggy address belongs to the physical page: [ 3856.037931] page:00000000332ddb05 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13ab [ 3856.039013] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3856.039837] raw: 000fffffc0000200 ffffea0004132e00 dead000000000006 ffff888100041b40 [ 3856.040757] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 3856.041813] page dumped because: kasan: bad access detected [ 3856.042680] Memory state around the buggy address: [ 3856.043257] ffff8880013ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.044114] ffff8880013ab400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3856.044971] >ffff8880013ab480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 3856.045824] ^ [ 3856.046484] ffff8880013ab500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.047336] ffff8880013ab580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.048194] ================================================================== [ 3856.049164] ================================================================== [ 3856.050035] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 3856.051074] Write of size 1 at addr ffff8880013ab4d0 by task kunit_try_catch/116181 [ 3856.052183] CPU: 0 PID: 116181 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3856.053792] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3856.054479] Call Trace: [ 3856.054794] [ 3856.055067] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 3856.055796] dump_stack_lvl+0x57/0x81 [ 3856.056251] print_address_description.constprop.0+0x1f/0x1e0 [ 3856.056949] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 3856.057672] print_report.cold+0x5c/0x237 [ 3856.058162] kasan_report+0xc9/0x100 [ 3856.058604] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 3856.059332] krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 3856.060043] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 3856.060647] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.061217] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.061794] ? lock_acquire+0x4ea/0x620 [ 3856.062266] ? rcu_read_unlock+0x40/0x40 [ 3856.062750] ? rcu_read_unlock+0x40/0x40 [ 3856.063227] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.063801] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3856.064473] ? do_raw_spin_lock+0x270/0x270 [ 3856.064987] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3856.065749] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3856.066423] ? kunit_add_resource+0x197/0x280 [kunit] [ 3856.067056] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.067656] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3856.068269] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.069005] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3856.069626] kthread+0x2a4/0x350 [ 3856.070037] ? kthread_complete_and_exit+0x20/0x20 [ 3856.070624] ret_from_fork+0x1f/0x30 [ 3856.071233] [ 3856.071725] Allocated by task 116181: [ 3856.072173] kasan_save_stack+0x1e/0x40 [ 3856.072646] __kasan_krealloc+0xee/0x160 [ 3856.073122] krealloc+0x50/0xe0 [ 3856.073516] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 3856.074224] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.074826] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.075556] kthread+0x2a4/0x350 [ 3856.075960] ret_from_fork+0x1f/0x30 [ 3856.076605] Last potentially related work creation: [ 3856.077194] kasan_save_stack+0x1e/0x40 [ 3856.077664] __kasan_record_aux_stack+0x96/0xb0 [ 3856.078214] kvfree_call_rcu+0x7d/0x840 [ 3856.078687] dma_resv_list_free.part.0+0xd4/0x130 [ 3856.079256] dma_resv_fini+0x38/0x50 [ 3856.079698] drm_gem_object_release+0x73/0x100 [drm] [ 3856.080334] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 3856.080912] ttm_bo_release+0x688/0xbc0 [ttm] [ 3856.081452] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 3856.082059] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 3856.082713] process_one_work+0x8e2/0x1520 [ 3856.083209] worker_thread+0x59e/0xf90 [ 3856.083735] kthread+0x2a4/0x350 [ 3856.084160] ret_from_fork+0x1f/0x30 [ 3856.084808] Second to last potentially related work creation: [ 3856.085492] kasan_save_stack+0x1e/0x40 [ 3856.085964] __kasan_record_aux_stack+0x96/0xb0 [ 3856.086514] kvfree_call_rcu+0x7d/0x840 [ 3856.087020] dma_resv_list_free.part.0+0xd4/0x130 [ 3856.087662] dma_resv_fini+0x38/0x50 [ 3856.088152] drm_gem_object_release+0x73/0x100 [drm] [ 3856.088796] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 3856.089368] ttm_bo_release+0x688/0xbc0 [ttm] [ 3856.089908] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 3856.090510] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 3856.091165] process_one_work+0x8e2/0x1520 [ 3856.091664] worker_thread+0x59e/0xf90 [ 3856.092123] kthread+0x2a4/0x350 [ 3856.092524] ret_from_fork+0x1f/0x30 [ 3856.093176] The buggy address belongs to the object at ffff8880013ab400 which belongs to the cache kmalloc-256 of size 256 [ 3856.094637] The buggy address is located 208 bytes inside of 256-byte region [ffff8880013ab400, ffff8880013ab500) [ 3856.096214] The buggy address belongs to the physical page: [ 3856.096878] page:00000000332ddb05 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13ab [ 3856.097961] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3856.098779] raw: 000fffffc0000200 ffffea0004132e00 dead000000000006 ffff888100041b40 [ 3856.099700] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 3856.100612] page dumped because: kasan: bad access detected [ 3856.101636] Memory state around the buggy address: [ 3856.102214] ffff8880013ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.103074] ffff8880013ab400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3856.103935] >ffff8880013ab480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 3856.104790] ^ [ 3856.105486] ffff8880013ab500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.106345] ffff8880013ab580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.107202] ================================================================== [ 3856.108098] ================================================================== [ 3856.108958] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 3856.109989] Write of size 1 at addr ffff8880013ab4da by task kunit_try_catch/116181 [ 3856.111101] CPU: 0 PID: 116181 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3856.112704] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3856.113391] Call Trace: [ 3856.113704] [ 3856.113977] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 3856.114701] dump_stack_lvl+0x57/0x81 [ 3856.115153] print_address_description.constprop.0+0x1f/0x1e0 [ 3856.115849] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 3856.116570] print_report.cold+0x5c/0x237 [ 3856.117064] kasan_report+0xc9/0x100 [ 3856.117507] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 3856.118232] krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 3856.118940] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 3856.119537] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.120109] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.120688] ? lock_acquire+0x4ea/0x620 [ 3856.121156] ? rcu_read_unlock+0x40/0x40 [ 3856.121639] ? rcu_read_unlock+0x40/0x40 [ 3856.122116] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.122689] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3856.123357] ? do_raw_spin_lock+0x270/0x270 [ 3856.123869] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3856.124604] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3856.125210] ? kunit_add_resource+0x197/0x280 [kunit] [ 3856.125830] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.126423] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3856.127043] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.127782] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3856.128405] kthread+0x2a4/0x350 [ 3856.128812] ? kthread_complete_and_exit+0x20/0x20 [ 3856.129395] ret_from_fork+0x1f/0x30 [ 3856.129851] [ 3856.130336] Allocated by task 116181: [ 3856.130791] kasan_save_stack+0x1e/0x40 [ 3856.131413] __kasan_krealloc+0xee/0x160 [ 3856.131924] krealloc+0x50/0xe0 [ 3856.132350] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 3856.133062] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.133654] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.134384] kthread+0x2a4/0x350 [ 3856.134789] ret_from_fork+0x1f/0x30 [ 3856.135432] Last potentially related work creation: [ 3856.136022] kasan_save_stack+0x1e/0x40 [ 3856.136489] __kasan_record_aux_stack+0x96/0xb0 [ 3856.137042] kvfree_call_rcu+0x7d/0x840 [ 3856.137511] dma_resv_list_free.part.0+0xd4/0x130 [ 3856.138087] dma_resv_fini+0x38/0x50 [ 3856.138525] drm_gem_object_release+0x73/0x100 [drm] [ 3856.139165] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 3856.139741] ttm_bo_release+0x688/0xbc0 [ttm] [ 3856.140277] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 3856.140882] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 3856.141534] process_one_work+0x8e2/0x1520 [ 3856.142032] worker_thread+0x59e/0xf90 [ 3856.142491] kthread+0x2a4/0x350 [ 3856.142897] ret_from_fork+0x1f/0x30 [ 3856.143541] Second to last potentially related work creation: [ 3856.144229] kasan_save_stack+0x1e/0x40 [ 3856.144700] __kasan_record_aux_stack+0x96/0xb0 [ 3856.145250] kvfree_call_rcu+0x7d/0x840 [ 3856.145722] dma_resv_list_free.part.0+0xd4/0x130 [ 3856.146291] dma_resv_fini+0x38/0x50 [ 3856.146737] drm_gem_object_release+0x73/0x100 [drm] [ 3856.147373] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 3856.147950] ttm_bo_release+0x688/0xbc0 [ttm] [ 3856.148489] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 3856.149095] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 3856.149752] process_one_work+0x8e2/0x1520 [ 3856.150247] worker_thread+0x59e/0xf90 [ 3856.150709] kthread+0x2a4/0x350 [ 3856.151115] ret_from_fork+0x1f/0x30 [ 3856.151764] The buggy address belongs to the object at ffff8880013ab400 which belongs to the cache kmalloc-256 of size 256 [ 3856.153216] The buggy address is located 218 bytes inside of 256-byte region [ffff8880013ab400, ffff8880013ab500) [ 3856.154799] The buggy address belongs to the physical page: [ 3856.155460] page:00000000332ddb05 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13ab [ 3856.156544] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3856.157363] raw: 000fffffc0000200 ffffea0004132e00 dead000000000006 ffff888100041b40 [ 3856.158278] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 3856.159193] page dumped because: kasan: bad access detected [ 3856.160061] Memory state around the buggy address: [ 3856.160647] ffff8880013ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.161693] ffff8880013ab400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3856.162606] >ffff8880013ab480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 3856.163464] ^ [ 3856.164214] ffff8880013ab500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.165172] ffff8880013ab580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.166085] ================================================================== [ 3856.167072] ================================================================== [ 3856.167966] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 3856.168994] Write of size 1 at addr ffff8880013ab4ea by task kunit_try_catch/116181 [ 3856.170107] CPU: 0 PID: 116181 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3856.171722] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3856.172407] Call Trace: [ 3856.172719] [ 3856.172991] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 3856.173714] dump_stack_lvl+0x57/0x81 [ 3856.174163] print_address_description.constprop.0+0x1f/0x1e0 [ 3856.174860] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 3856.175577] print_report.cold+0x5c/0x237 [ 3856.176073] kasan_report+0xc9/0x100 [ 3856.176516] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 3856.177240] krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 3856.177948] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 3856.178545] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.179117] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.179690] ? lock_acquire+0x4ea/0x620 [ 3856.180160] ? rcu_read_unlock+0x40/0x40 [ 3856.180642] ? rcu_read_unlock+0x40/0x40 [ 3856.181120] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.181698] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3856.182364] ? do_raw_spin_lock+0x270/0x270 [ 3856.182877] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3856.183609] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3856.184226] ? kunit_add_resource+0x197/0x280 [kunit] [ 3856.184846] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.185440] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3856.186059] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.186792] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3856.187411] kthread+0x2a4/0x350 [ 3856.187817] ? kthread_complete_and_exit+0x20/0x20 [ 3856.188397] ret_from_fork+0x1f/0x30 [ 3856.188919] [ 3856.189461] Allocated by task 116181: [ 3856.189938] kasan_save_stack+0x1e/0x40 [ 3856.190404] __kasan_krealloc+0xee/0x160 [ 3856.191074] krealloc+0x50/0xe0 [ 3856.191515] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 3856.192309] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.192904] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.193643] kthread+0x2a4/0x350 [ 3856.194047] ret_from_fork+0x1f/0x30 [ 3856.194696] Last potentially related work creation: [ 3856.195280] kasan_save_stack+0x1e/0x40 [ 3856.195749] __kasan_record_aux_stack+0x96/0xb0 [ 3856.196298] kvfree_call_rcu+0x7d/0x840 [ 3856.196772] dma_resv_list_free.part.0+0xd4/0x130 [ 3856.197343] dma_resv_fini+0x38/0x50 [ 3856.197786] drm_gem_object_release+0x73/0x100 [drm] [ 3856.198420] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 3856.199000] ttm_bo_release+0x688/0xbc0 [ttm] [ 3856.199539] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 3856.200149] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 3856.200802] process_one_work+0x8e2/0x1520 [ 3856.201297] worker_thread+0x59e/0xf90 [ 3856.201760] kthread+0x2a4/0x350 [ 3856.202161] ret_from_fork+0x1f/0x30 [ 3856.202810] Second to last potentially related work creation: [ 3856.203499] kasan_save_stack+0x1e/0x40 [ 3856.203973] __kasan_record_aux_stack+0x96/0xb0 [ 3856.204523] kvfree_call_rcu+0x7d/0x840 [ 3856.204995] dma_resv_list_free.part.0+0xd4/0x130 [ 3856.205563] dma_resv_fini+0x38/0x50 [ 3856.206006] drm_gem_object_release+0x73/0x100 [drm] [ 3856.206642] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 3856.207216] ttm_bo_release+0x688/0xbc0 [ttm] [ 3856.207755] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 3856.208361] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 3856.209016] process_one_work+0x8e2/0x1520 [ 3856.209513] worker_thread+0x59e/0xf90 [ 3856.209976] kthread+0x2a4/0x350 [ 3856.210377] ret_from_fork+0x1f/0x30 [ 3856.211025] The buggy address belongs to the object at ffff8880013ab400 which belongs to the cache kmalloc-256 of size 256 [ 3856.212479] The buggy address is located 234 bytes inside of 256-byte region [ffff8880013ab400, ffff8880013ab500) [ 3856.214064] The buggy address belongs to the physical page: [ 3856.214731] page:00000000332ddb05 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13ab [ 3856.215819] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3856.216634] raw: 000fffffc0000200 ffffea0004132e00 dead000000000006 ffff888100041b40 [ 3856.217545] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 3856.218458] page dumped because: kasan: bad access detected [ 3856.219326] Memory state around the buggy address: [ 3856.219909] ffff8880013ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.220779] ffff8880013ab400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3856.221772] >ffff8880013ab480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 3856.222630] ^ [ 3856.223413] ffff8880013ab500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.224273] ffff8880013ab580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.225130] ================================================================== [ 3856.226008] ================================================================== [ 3856.226875] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 3856.227909] Write of size 1 at addr ffff8880013ab4eb by task kunit_try_catch/116181 [ 3856.229021] CPU: 0 PID: 116181 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3856.230630] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3856.231323] Call Trace: [ 3856.231636] [ 3856.231910] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 3856.232633] dump_stack_lvl+0x57/0x81 [ 3856.233084] print_address_description.constprop.0+0x1f/0x1e0 [ 3856.233812] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 3856.234568] print_report.cold+0x5c/0x237 [ 3856.235064] kasan_report+0xc9/0x100 [ 3856.235506] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 3856.236231] krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 3856.236942] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 3856.237543] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.238118] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.238691] ? lock_acquire+0x4ea/0x620 [ 3856.239162] ? rcu_read_unlock+0x40/0x40 [ 3856.239643] ? rcu_read_unlock+0x40/0x40 [ 3856.240123] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.240703] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3856.241370] ? do_raw_spin_lock+0x270/0x270 [ 3856.241882] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3856.242614] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3856.243220] ? kunit_add_resource+0x197/0x280 [kunit] [ 3856.243839] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.244432] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3856.245048] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.245782] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3856.246403] kthread+0x2a4/0x350 [ 3856.246809] ? kthread_complete_and_exit+0x20/0x20 [ 3856.247432] ret_from_fork+0x1f/0x30 [ 3856.247891] [ 3856.248377] Allocated by task 116181: [ 3856.248829] kasan_save_stack+0x1e/0x40 [ 3856.249300] __kasan_krealloc+0xee/0x160 [ 3856.249781] krealloc+0x50/0xe0 [ 3856.250176] krealloc_less_oob_helper+0x1d9/0xa20 [test_kasan] [ 3856.251031] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.251627] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.252429] kthread+0x2a4/0x350 [ 3856.252840] ret_from_fork+0x1f/0x30 [ 3856.253484] Last potentially related work creation: [ 3856.254076] kasan_save_stack+0x1e/0x40 [ 3856.254546] __kasan_record_aux_stack+0x96/0xb0 [ 3856.255103] kvfree_call_rcu+0x7d/0x840 [ 3856.255572] dma_resv_list_free.part.0+0xd4/0x130 [ 3856.256146] dma_resv_fini+0x38/0x50 [ 3856.256590] drm_gem_object_release+0x73/0x100 [drm] [ 3856.257233] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 3856.257812] ttm_bo_release+0x688/0xbc0 [ttm] [ 3856.258350] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 3856.258960] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 3856.259623] process_one_work+0x8e2/0x1520 [ 3856.260121] worker_thread+0x59e/0xf90 [ 3856.260580] kthread+0x2a4/0x350 [ 3856.260988] ret_from_fork+0x1f/0x30 [ 3856.261637] Second to last potentially related work creation: [ 3856.262329] kasan_save_stack+0x1e/0x40 [ 3856.262801] __kasan_record_aux_stack+0x96/0xb0 [ 3856.263355] kvfree_call_rcu+0x7d/0x840 [ 3856.263835] dma_resv_list_free.part.0+0xd4/0x130 [ 3856.264406] dma_resv_fini+0x38/0x50 [ 3856.264853] drm_gem_object_release+0x73/0x100 [drm] [ 3856.265488] qxl_ttm_bo_destroy+0x17f/0x200 [qxl] [ 3856.266068] ttm_bo_release+0x688/0xbc0 [ttm] [ 3856.266606] ttm_bo_delayed_delete+0x312/0x550 [ttm] [ 3856.267246] ttm_device_delayed_workqueue+0x18/0x70 [ttm] [ 3856.267950] process_one_work+0x8e2/0x1520 [ 3856.268447] worker_thread+0x59e/0xf90 [ 3856.268941] kthread+0x2a4/0x350 [ 3856.269390] ret_from_fork+0x1f/0x30 [ 3856.270117] The buggy address belongs to the object at ffff8880013ab400 which belongs to the cache kmalloc-256 of size 256 [ 3856.271571] The buggy address is located 235 bytes inside of 256-byte region [ffff8880013ab400, ffff8880013ab500) [ 3856.273150] The buggy address belongs to the physical page: [ 3856.273844] page:00000000332ddb05 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13ab [ 3856.275039] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3856.275857] raw: 000fffffc0000200 ffffea0004132e00 dead000000000006 ffff888100041b40 [ 3856.276771] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 3856.277685] page dumped because: kasan: bad access detected [ 3856.278551] Memory state around the buggy address: [ 3856.279132] ffff8880013ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.279991] ffff8880013ab400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3856.280974] >ffff8880013ab480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 3856.281867] ^ [ 3856.282711] ffff8880013ab500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.283586] ffff8880013ab580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.284444] ================================================================== [ 3856.287607] ok 11 - krealloc_less_oob [ 3856.293226] ================================================================== [ 3856.294595] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 3856.295633] Write of size 1 at addr ffff888016ee20eb by task kunit_try_catch/116182 [ 3856.296826] CPU: 0 PID: 116182 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3856.298423] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3856.299114] Call Trace: [ 3856.299424] [ 3856.299700] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 3856.300420] dump_stack_lvl+0x57/0x81 [ 3856.300877] print_address_description.constprop.0+0x1f/0x1e0 [ 3856.301570] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 3856.302292] print_report.cold+0x5c/0x237 [ 3856.302787] kasan_report+0xc9/0x100 [ 3856.303229] ? krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 3856.303982] krealloc_more_oob_helper+0x5c3/0x610 [test_kasan] [ 3856.304771] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 3856.305442] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.306022] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.306589] ? lock_acquire+0x4ea/0x620 [ 3856.307061] ? rcu_read_unlock+0x40/0x40 [ 3856.307538] ? rcu_read_unlock+0x40/0x40 [ 3856.308049] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.308693] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3856.309388] ? do_raw_spin_lock+0x270/0x270 [ 3856.309900] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3856.310635] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3856.311408] ? kunit_add_resource+0x197/0x280 [kunit] [ 3856.312083] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.312695] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3856.313314] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.314046] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3856.314668] kthread+0x2a4/0x350 [ 3856.315071] ? kthread_complete_and_exit+0x20/0x20 [ 3856.315656] ret_from_fork+0x1f/0x30 [ 3856.316105] [ 3856.316589] The buggy address belongs to the physical page: [ 3856.317252] page:000000008755cf37 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16ee0 [ 3856.318342] head:000000008755cf37 order:2 compound_mapcount:0 compound_pincount:0 [ 3856.319227] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 3856.320039] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 3856.320955] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 3856.321866] page dumped because: kasan: bad access detected [ 3856.322732] Memory state around the buggy address: [ 3856.323307] ffff888016ee1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3856.324164] ffff888016ee2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3856.325044] >ffff888016ee2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 3856.325898] ^ [ 3856.326680] ffff888016ee2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3856.327531] ffff888016ee2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3856.328384] ================================================================== [ 3856.329315] ================================================================== [ 3856.330182] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 3856.331210] Write of size 1 at addr ffff888016ee20f0 by task kunit_try_catch/116182 [ 3856.332318] CPU: 0 PID: 116182 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3856.334088] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3856.334779] Call Trace: [ 3856.335088] [ 3856.335360] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 3856.336083] dump_stack_lvl+0x57/0x81 [ 3856.336532] print_address_description.constprop.0+0x1f/0x1e0 [ 3856.337230] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 3856.337954] print_report.cold+0x5c/0x237 [ 3856.338443] kasan_report+0xc9/0x100 [ 3856.338891] ? krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 3856.339616] krealloc_more_oob_helper+0x5b6/0x610 [test_kasan] [ 3856.340317] ? krealloc_less_oob+0x10/0x10 [test_kasan] [ 3856.341111] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.341709] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.342295] ? lock_acquire+0x4ea/0x620 [ 3856.342768] ? rcu_read_unlock+0x40/0x40 [ 3856.343245] ? rcu_read_unlock+0x40/0x40 [ 3856.343739] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.344312] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3856.344984] ? do_raw_spin_lock+0x270/0x270 [ 3856.345495] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3856.346252] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3856.346863] ? kunit_add_resource+0x197/0x280 [kunit] [ 3856.347477] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.348069] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3856.348681] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.349409] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3856.350032] kthread+0x2a4/0x350 [ 3856.350443] ? kthread_complete_and_exit+0x20/0x20 [ 3856.351035] ret_from_fork+0x1f/0x30 [ 3856.351484] [ 3856.351971] The buggy address belongs to the physical page: [ 3856.352632] page:000000008755cf37 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16ee0 [ 3856.353723] head:000000008755cf37 order:2 compound_mapcount:0 compound_pincount:0 [ 3856.354595] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 3856.355423] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 3856.356338] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 3856.357256] page dumped because: kasan: bad access detected [ 3856.358122] Memory state around the buggy address: [ 3856.358720] ffff888016ee1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3856.359579] ffff888016ee2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3856.360435] >ffff888016ee2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 3856.361293] ^ [ 3856.362105] ffff888016ee2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3856.362963] ffff888016ee2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3856.363818] ================================================================== [ 3856.364838] ok 12 - krealloc_pagealloc_more_oob [ 3856.367230] ================================================================== [ 3856.368719] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 3856.369881] Write of size 1 at addr ffff888016ee20c9 by task kunit_try_catch/116183 [ 3856.371206] CPU: 0 PID: 116183 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3856.372818] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3856.373507] Call Trace: [ 3856.373820] [ 3856.374094] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 3856.374817] dump_stack_lvl+0x57/0x81 [ 3856.375273] print_address_description.constprop.0+0x1f/0x1e0 [ 3856.375977] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 3856.376705] print_report.cold+0x5c/0x237 [ 3856.377223] kasan_report+0xc9/0x100 [ 3856.377672] ? krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 3856.378397] krealloc_less_oob_helper+0x9f1/0xa20 [test_kasan] [ 3856.379109] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 3856.379717] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.380294] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.380868] ? lock_acquire+0x4ea/0x620 [ 3856.381337] ? rcu_read_unlock+0x40/0x40 [ 3856.381822] ? rcu_read_unlock+0x40/0x40 [ 3856.382300] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.382877] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3856.383545] ? do_raw_spin_lock+0x270/0x270 [ 3856.384060] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3856.384796] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3856.385396] ? kunit_add_resource+0x197/0x280 [kunit] [ 3856.386041] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.386638] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3856.387277] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.388016] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3856.388645] kthread+0x2a4/0x350 [ 3856.389049] ? kthread_complete_and_exit+0x20/0x20 [ 3856.389631] ret_from_fork+0x1f/0x30 [ 3856.390083] [ 3856.390571] The buggy address belongs to the physical page: [ 3856.391238] page:000000008755cf37 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16ee0 [ 3856.392431] head:000000008755cf37 order:2 compound_mapcount:0 compound_pincount:0 [ 3856.393370] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 3856.394195] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 3856.395145] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 3856.396128] page dumped because: kasan: bad access detected [ 3856.397077] Memory state around the buggy address: [ 3856.397659] ffff888016ee1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3856.398517] ffff888016ee2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3856.399379] >ffff888016ee2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 3856.400330] ^ [ 3856.401350] ffff888016ee2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3856.402211] ffff888016ee2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3856.403073] ================================================================== [ 3856.404013] ================================================================== [ 3856.404927] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 3856.405961] Write of size 1 at addr ffff888016ee20d0 by task kunit_try_catch/116183 [ 3856.407083] CPU: 0 PID: 116183 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3856.408697] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3856.409387] Call Trace: [ 3856.409700] [ 3856.409973] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 3856.410702] dump_stack_lvl+0x57/0x81 [ 3856.411156] print_address_description.constprop.0+0x1f/0x1e0 [ 3856.411853] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 3856.412572] print_report.cold+0x5c/0x237 [ 3856.413072] kasan_report+0xc9/0x100 [ 3856.413516] ? krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 3856.414247] krealloc_less_oob_helper+0x9e0/0xa20 [test_kasan] [ 3856.414956] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 3856.415555] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.416132] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.416704] ? lock_acquire+0x4ea/0x620 [ 3856.417174] ? rcu_read_unlock+0x40/0x40 [ 3856.417660] ? rcu_read_unlock+0x40/0x40 [ 3856.418203] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.418865] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3856.419537] ? do_raw_spin_lock+0x270/0x270 [ 3856.420051] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3856.420787] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3856.421390] ? kunit_add_resource+0x197/0x280 [kunit] [ 3856.422034] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.422629] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3856.423240] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.423975] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3856.424593] kthread+0x2a4/0x350 [ 3856.425000] ? kthread_complete_and_exit+0x20/0x20 [ 3856.425574] ret_from_fork+0x1f/0x30 [ 3856.426043] [ 3856.426531] The buggy address belongs to the physical page: [ 3856.427199] page:000000008755cf37 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16ee0 [ 3856.428297] head:000000008755cf37 order:2 compound_mapcount:0 compound_pincount:0 [ 3856.429210] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 3856.430031] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 3856.431113] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 3856.432038] page dumped because: kasan: bad access detected [ 3856.432921] Memory state around the buggy address: [ 3856.433497] ffff888016ee1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3856.434356] ffff888016ee2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3856.435217] >ffff888016ee2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 3856.436080] ^ [ 3856.436786] ffff888016ee2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3856.437642] ffff888016ee2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3856.438504] ================================================================== [ 3856.439377] ================================================================== [ 3856.440271] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 3856.441307] Write of size 1 at addr ffff888016ee20da by task kunit_try_catch/116183 [ 3856.442420] CPU: 0 PID: 116183 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3856.444028] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3856.444721] Call Trace: [ 3856.445032] [ 3856.445306] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 3856.446034] dump_stack_lvl+0x57/0x81 [ 3856.446488] print_address_description.constprop.0+0x1f/0x1e0 [ 3856.447187] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 3856.447911] print_report.cold+0x5c/0x237 [ 3856.448402] kasan_report+0xc9/0x100 [ 3856.448851] ? krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 3856.449574] krealloc_less_oob_helper+0x9cf/0xa20 [test_kasan] [ 3856.454689] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 3856.455293] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.455869] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.456440] ? lock_acquire+0x4ea/0x620 [ 3856.456914] ? rcu_read_unlock+0x40/0x40 [ 3856.457395] ? rcu_read_unlock+0x40/0x40 [ 3856.457880] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.458454] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3856.459128] ? do_raw_spin_lock+0x270/0x270 [ 3856.459643] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3856.460378] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3856.461136] ? kunit_add_resource+0x197/0x280 [kunit] [ 3856.461757] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.462354] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3856.462974] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.463710] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3856.464330] kthread+0x2a4/0x350 [ 3856.464737] ? kthread_complete_and_exit+0x20/0x20 [ 3856.465320] ret_from_fork+0x1f/0x30 [ 3856.465777] [ 3856.466274] The buggy address belongs to the physical page: [ 3856.466945] page:000000008755cf37 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16ee0 [ 3856.468038] head:000000008755cf37 order:2 compound_mapcount:0 compound_pincount:0 [ 3856.468964] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 3856.469882] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 3856.470814] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 3856.471730] page dumped because: kasan: bad access detected [ 3856.472605] Memory state around the buggy address: [ 3856.473183] ffff888016ee1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3856.474043] ffff888016ee2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3856.474903] >ffff888016ee2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 3856.475763] ^ [ 3856.476489] ffff888016ee2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3856.477347] ffff888016ee2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3856.478209] ================================================================== [ 3856.479088] ================================================================== [ 3856.479964] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 3856.480994] Write of size 1 at addr ffff888016ee20ea by task kunit_try_catch/116183 [ 3856.482109] CPU: 0 PID: 116183 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3856.483724] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3856.484412] Call Trace: [ 3856.484724] [ 3856.484995] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 3856.485720] dump_stack_lvl+0x57/0x81 [ 3856.486171] print_address_description.constprop.0+0x1f/0x1e0 [ 3856.486904] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 3856.487716] print_report.cold+0x5c/0x237 [ 3856.488233] kasan_report+0xc9/0x100 [ 3856.488680] ? krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 3856.489406] krealloc_less_oob_helper+0x9c2/0xa20 [test_kasan] [ 3856.490115] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 3856.490798] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.491452] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.492073] ? lock_acquire+0x4ea/0x620 [ 3856.492545] ? rcu_read_unlock+0x40/0x40 [ 3856.493030] ? rcu_read_unlock+0x40/0x40 [ 3856.493509] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.494112] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3856.494785] ? do_raw_spin_lock+0x270/0x270 [ 3856.495297] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3856.496036] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3856.496639] ? kunit_add_resource+0x197/0x280 [kunit] [ 3856.497253] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.497848] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3856.498458] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.499198] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3856.499822] kthread+0x2a4/0x350 [ 3856.500227] ? kthread_complete_and_exit+0x20/0x20 [ 3856.500817] ret_from_fork+0x1f/0x30 [ 3856.501273] [ 3856.501747] The buggy address belongs to the physical page: [ 3856.502423] page:000000008755cf37 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16ee0 [ 3856.503520] head:000000008755cf37 order:2 compound_mapcount:0 compound_pincount:0 [ 3856.504409] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 3856.505242] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 3856.506159] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 3856.507130] page dumped because: kasan: bad access detected [ 3856.508102] Memory state around the buggy address: [ 3856.508688] ffff888016ee1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3856.509544] ffff888016ee2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3856.510410] >ffff888016ee2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 3856.511272] ^ [ 3856.512059] ffff888016ee2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3856.512920] ffff888016ee2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3856.513779] ================================================================== [ 3856.514654] ================================================================== [ 3856.515518] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 3856.516550] Write of size 1 at addr ffff888016ee20eb by task kunit_try_catch/116183 [ 3856.517670] CPU: 0 PID: 116183 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3856.519284] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3856.519983] Call Trace: [ 3856.520294] [ 3856.520566] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 3856.521463] dump_stack_lvl+0x57/0x81 [ 3856.521921] print_address_description.constprop.0+0x1f/0x1e0 [ 3856.522620] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 3856.523344] print_report.cold+0x5c/0x237 [ 3856.523849] kasan_report+0xc9/0x100 [ 3856.524293] ? krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 3856.525021] krealloc_less_oob_helper+0x9b5/0xa20 [test_kasan] [ 3856.525731] ? krealloc_uaf+0x450/0x450 [test_kasan] [ 3856.526335] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.526918] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.527473] ? lock_acquire+0x4ea/0x620 [ 3856.527960] ? rcu_read_unlock+0x40/0x40 [ 3856.528440] ? rcu_read_unlock+0x40/0x40 [ 3856.528926] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.529497] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3856.530169] ? do_raw_spin_lock+0x270/0x270 [ 3856.530691] ? kunit_binary_str_assert_format+0x3e0/0x3e0 [kunit] [ 3856.531446] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3856.532048] ? kunit_add_resource+0x197/0x280 [kunit] [ 3856.532664] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.533261] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3856.533877] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.534607] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3856.535229] kthread+0x2a4/0x350 [ 3856.535640] ? kthread_complete_and_exit+0x20/0x20 [ 3856.536223] ret_from_fork+0x1f/0x30 [ 3856.536678] [ 3856.537168] The buggy address belongs to the physical page: [ 3856.537831] page:000000008755cf37 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16ee0 [ 3856.538926] head:000000008755cf37 order:2 compound_mapcount:0 compound_pincount:0 [ 3856.539817] flags: 0xfffffc0010000(head|node=0|zone=1|lastcpupid=0x1fffff) [ 3856.540632] raw: 000fffffc0010000 0000000000000000 dead000000000122 0000000000000000 [ 3856.541550] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 3856.542463] page dumped because: kasan: bad access detected [ 3856.543336] Memory state around the buggy address: [ 3856.543922] ffff888016ee1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3856.544781] ffff888016ee2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3856.545652] >ffff888016ee2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 3856.546506] ^ [ 3856.547296] ffff888016ee2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3856.548160] ffff888016ee2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 3856.549019] ================================================================== [ 3856.550431] ok 13 - krealloc_pagealloc_less_oob [ 3856.555178] ================================================================== [ 3856.556658] BUG: KASAN: use-after-free in krealloc_uaf+0x1c7/0x450 [test_kasan] [ 3856.557534] Read of size 1 at addr ffff888017410a00 by task kunit_try_catch/116184 [ 3856.558655] CPU: 0 PID: 116184 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3856.560257] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3856.560948] Call Trace: [ 3856.561257] [ 3856.561528] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 3856.562133] dump_stack_lvl+0x57/0x81 [ 3856.562584] print_address_description.constprop.0+0x1f/0x1e0 [ 3856.563282] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 3856.563886] print_report.cold+0x5c/0x237 [ 3856.564379] kasan_report+0xc9/0x100 [ 3856.564827] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 3856.565428] ? krealloc_uaf+0x1c7/0x450 [test_kasan] [ 3856.566031] __kasan_check_byte+0x36/0x50 [ 3856.566527] krealloc+0x2e/0xe0 [ 3856.566931] krealloc_uaf+0x1c7/0x450 [test_kasan] [ 3856.567515] ? kmalloc_memmove_negative_size+0x290/0x290 [test_kasan] [ 3856.568286] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.568863] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.569436] ? lock_acquire+0x4ea/0x620 [ 3856.569912] ? rcu_read_unlock+0x40/0x40 [ 3856.570391] ? rcu_read_unlock+0x40/0x40 [ 3856.570871] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.571443] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3856.572116] ? do_raw_spin_lock+0x270/0x270 [ 3856.572631] ? trace_hardirqs_on+0x2d/0x160 [ 3856.573157] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3856.573762] ? kunit_add_resource+0x197/0x280 [kunit] [ 3856.574379] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.574975] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3856.575587] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.576327] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3856.576950] kthread+0x2a4/0x350 [ 3856.577353] ? kthread_complete_and_exit+0x20/0x20 [ 3856.577939] ret_from_fork+0x1f/0x30 [ 3856.578389] [ 3856.578878] Allocated by task 116184: [ 3856.579330] kasan_save_stack+0x1e/0x40 [ 3856.579802] __kasan_kmalloc+0x81/0xa0 [ 3856.580262] krealloc_uaf+0xaa/0x450 [test_kasan] [ 3856.580985] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.581578] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.582310] kthread+0x2a4/0x350 [ 3856.582714] ret_from_fork+0x1f/0x30 [ 3856.583360] Freed by task 116184: [ 3856.583775] kasan_save_stack+0x1e/0x40 [ 3856.584243] kasan_set_track+0x21/0x30 [ 3856.584703] kasan_set_free_info+0x20/0x40 [ 3856.585212] __kasan_slab_free+0x108/0x170 [ 3856.585726] slab_free_freelist_hook+0x11d/0x1d0 [ 3856.586288] kfree+0xe2/0x3c0 [ 3856.586666] krealloc_uaf+0x147/0x450 [test_kasan] [ 3856.587302] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.587963] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.588728] kthread+0x2a4/0x350 [ 3856.589131] ret_from_fork+0x1f/0x30 [ 3856.589782] Last potentially related work creation: [ 3856.590373] kasan_save_stack+0x1e/0x40 [ 3856.590851] __kasan_record_aux_stack+0x96/0xb0 [ 3856.591401] kvfree_call_rcu+0x7d/0x840 [ 3856.591872] dma_resv_reserve_fences+0x35d/0x680 [ 3856.592431] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 3856.593099] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 3856.593722] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 3856.594297] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 3856.594996] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 3856.595829] process_one_work+0x8e2/0x1520 [ 3856.596327] worker_thread+0x59e/0xf90 [ 3856.596795] kthread+0x2a4/0x350 [ 3856.597197] ret_from_fork+0x1f/0x30 [ 3856.597845] Second to last potentially related work creation: [ 3856.598534] kasan_save_stack+0x1e/0x40 [ 3856.599004] __kasan_record_aux_stack+0x96/0xb0 [ 3856.599553] kvfree_call_rcu+0x7d/0x840 [ 3856.600027] dma_resv_reserve_fences+0x595/0x680 [ 3856.600593] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 3856.601214] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 3856.601836] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 3856.602408] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 3856.603096] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 3856.603859] process_one_work+0x8e2/0x1520 [ 3856.604355] worker_thread+0x59e/0xf90 [ 3856.604815] kthread+0x2a4/0x350 [ 3856.605218] ret_from_fork+0x1f/0x30 [ 3856.605865] The buggy address belongs to the object at ffff888017410a00 which belongs to the cache kmalloc-256 of size 256 [ 3856.607317] The buggy address is located 0 bytes inside of 256-byte region [ffff888017410a00, ffff888017410b00) [ 3856.608899] The buggy address belongs to the physical page: [ 3856.609560] page:000000000a85c2d3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17410 [ 3856.610655] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3856.611617] raw: 000fffffc0000200 ffffea000060f240 dead000000000004 ffff888100041b40 [ 3856.612528] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 3856.613440] page dumped because: kasan: bad access detected [ 3856.614309] Memory state around the buggy address: [ 3856.614888] ffff888017410900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.615745] ffff888017410980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.616599] >ffff888017410a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3856.617451] ^ [ 3856.617857] ffff888017410a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3856.618736] ffff888017410b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.619589] ================================================================== [ 3856.620497] ================================================================== [ 3856.621366] BUG: KASAN: use-after-free in krealloc_uaf+0x42e/0x450 [test_kasan] [ 3856.622230] Read of size 1 at addr ffff888017410a00 by task kunit_try_catch/116184 [ 3856.623333] CPU: 0 PID: 116184 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3856.624933] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3856.625624] Call Trace: [ 3856.625934] [ 3856.626197] ? krealloc_uaf+0x42e/0x450 [test_kasan] [ 3856.626802] dump_stack_lvl+0x57/0x81 [ 3856.627253] print_address_description.constprop.0+0x1f/0x1e0 [ 3856.627948] ? krealloc_uaf+0x42e/0x450 [test_kasan] [ 3856.628547] print_report.cold+0x5c/0x237 [ 3856.629044] kasan_report+0xc9/0x100 [ 3856.629486] ? krealloc_uaf+0x42e/0x450 [test_kasan] [ 3856.630088] krealloc_uaf+0x42e/0x450 [test_kasan] [ 3856.630672] ? kmalloc_memmove_negative_size+0x290/0x290 [test_kasan] [ 3856.631438] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.632010] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.632581] ? lock_acquire+0x4ea/0x620 [ 3856.633055] ? rcu_read_unlock+0x40/0x40 [ 3856.633534] ? rcu_read_unlock+0x40/0x40 [ 3856.634027] ? rcu_read_lock_sched_held+0x12/0x80 [ 3856.634602] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3856.635268] ? do_raw_spin_lock+0x270/0x270 [ 3856.635781] ? kunit_ptr_not_err_assert_format+0x210/0x210 [kunit] [ 3856.636525] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3856.637131] ? kunit_add_resource+0x197/0x280 [kunit] [ 3856.637758] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.638330] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3856.638951] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.639703] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3856.640322] kthread+0x2a4/0x350 [ 3856.640736] ? kthread_complete_and_exit+0x20/0x20 [ 3856.641451] ret_from_fork+0x1f/0x30 [ 3856.641908] [ 3856.642397] Allocated by task 116184: [ 3856.642849] kasan_save_stack+0x1e/0x40 [ 3856.643317] __kasan_kmalloc+0x81/0xa0 [ 3856.643782] krealloc_uaf+0xaa/0x450 [test_kasan] [ 3856.644356] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.644949] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.645686] kthread+0x2a4/0x350 [ 3856.646087] ret_from_fork+0x1f/0x30 [ 3856.646740] Freed by task 116184: [ 3856.647154] kasan_save_stack+0x1e/0x40 [ 3856.647626] kasan_set_track+0x21/0x30 [ 3856.648086] kasan_set_free_info+0x20/0x40 [ 3856.648582] __kasan_slab_free+0x108/0x170 [ 3856.649083] slab_free_freelist_hook+0x11d/0x1d0 [ 3856.649645] kfree+0xe2/0x3c0 [ 3856.650018] krealloc_uaf+0x147/0x450 [test_kasan] [ 3856.650603] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.651193] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.651927] kthread+0x2a4/0x350 [ 3856.652328] ret_from_fork+0x1f/0x30 [ 3856.652978] Last potentially related work creation: [ 3856.653563] kasan_save_stack+0x1e/0x40 [ 3856.654042] __kasan_record_aux_stack+0x96/0xb0 [ 3856.654603] kvfree_call_rcu+0x7d/0x840 [ 3856.655071] dma_resv_reserve_fences+0x35d/0x680 [ 3856.655633] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 3856.656256] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 3856.656884] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 3856.657457] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 3856.658147] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 3856.658992] process_one_work+0x8e2/0x1520 [ 3856.659556] worker_thread+0x59e/0xf90 [ 3856.660024] kthread+0x2a4/0x350 [ 3856.660428] ret_from_fork+0x1f/0x30 [ 3856.661077] Second to last potentially related work creation: [ 3856.661771] kasan_save_stack+0x1e/0x40 [ 3856.662239] __kasan_record_aux_stack+0x96/0xb0 [ 3856.662791] kvfree_call_rcu+0x7d/0x840 [ 3856.663259] dma_resv_reserve_fences+0x595/0x680 [ 3856.663824] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 3856.664445] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 3856.665070] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 3856.665646] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 3856.666329] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 3856.667096] process_one_work+0x8e2/0x1520 [ 3856.667597] worker_thread+0x59e/0xf90 [ 3856.668057] kthread+0x2a4/0x350 [ 3856.668459] ret_from_fork+0x1f/0x30 [ 3856.669109] The buggy address belongs to the object at ffff888017410a00 which belongs to the cache kmalloc-256 of size 256 [ 3856.670562] The buggy address is located 0 bytes inside of 256-byte region [ffff888017410a00, ffff888017410b00) [ 3856.672340] The buggy address belongs to the physical page: [ 3856.673017] page:000000000a85c2d3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17410 [ 3856.674138] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3856.674951] raw: 000fffffc0000200 ffffea000060f240 dead000000000004 ffff888100041b40 [ 3856.675873] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000 [ 3856.676774] page dumped because: kasan: bad access detected [ 3856.677645] Memory state around the buggy address: [ 3856.678250] ffff888017410900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.679108] ffff888017410980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.679973] >ffff888017410a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3856.680824] ^ [ 3856.681228] ffff888017410a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3856.682084] ffff888017410b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.682941] ================================================================== [ 3856.683971] ok 14 - krealloc_uaf [ 3856.686513] ================================================================== [ 3856.687998] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 3856.688937] Write of size 16 at addr ffff8880479e7260 by task kunit_try_catch/116186 [ 3856.690062] CPU: 0 PID: 116186 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3856.691672] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3856.692359] Call Trace: [ 3856.692670] [ 3856.692943] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 3856.693568] dump_stack_lvl+0x57/0x81 [ 3856.694022] print_address_description.constprop.0+0x1f/0x1e0 [ 3856.694724] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 3856.695344] print_report.cold+0x5c/0x237 [ 3856.695838] kasan_report+0xc9/0x100 [ 3856.696360] ? kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 3856.696982] kmalloc_oob_16+0x399/0x3b0 [test_kasan] [ 3856.697586] ? kmalloc_uaf_16+0x3b0/0x3b0 [test_kasan] [ 3856.698221] ? do_raw_spin_trylock+0xb5/0x180 [ 3856.698756] ? do_raw_spin_lock+0x270/0x270 [ 3856.699294] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3856.699963] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3856.700563] ? kunit_add_resource+0x197/0x280 [kunit] [ 3856.701321] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.701918] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3856.702530] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.703266] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3856.703888] kthread+0x2a4/0x350 [ 3856.704290] ? kthread_complete_and_exit+0x20/0x20 [ 3856.704874] ret_from_fork+0x1f/0x30 [ 3856.705325] [ 3856.705815] Allocated by task 116186: [ 3856.706269] kasan_save_stack+0x1e/0x40 [ 3856.706739] __kasan_kmalloc+0x81/0xa0 [ 3856.707196] kmalloc_oob_16+0xa4/0x3b0 [test_kasan] [ 3856.707788] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.708379] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.709106] kthread+0x2a4/0x350 [ 3856.709493] ret_from_fork+0x1f/0x30 [ 3856.710154] The buggy address belongs to the object at ffff8880479e7260 which belongs to the cache kmalloc-16 of size 16 [ 3856.711587] The buggy address is located 0 bytes inside of 16-byte region [ffff8880479e7260, ffff8880479e7270) [ 3856.713132] The buggy address belongs to the physical page: [ 3856.713795] page:000000000ed2cf28 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x479e7 [ 3856.714888] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3856.715706] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 3856.716620] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3856.717526] page dumped because: kasan: bad access detected [ 3856.718398] Memory state around the buggy address: [ 3856.718980] ffff8880479e7100: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 3856.719839] ffff8880479e7180: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 3856.720700] >ffff8880479e7200: fa fb fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 3856.721555] ^ [ 3856.722341] ffff8880479e7280: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 3856.723202] ffff8880479e7300: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3856.724056] ================================================================== [ 3856.725323] ok 15 - kmalloc_oob_16 [ 3856.728217] ================================================================== [ 3856.729562] BUG: KASAN: use-after-free in kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 3856.730452] Read of size 16 at addr ffff8880479e7a80 by task kunit_try_catch/116187 [ 3856.731742] CPU: 0 PID: 116187 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3856.733332] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3856.734022] Call Trace: [ 3856.734331] [ 3856.734604] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 3856.735222] dump_stack_lvl+0x57/0x81 [ 3856.735676] print_address_description.constprop.0+0x1f/0x1e0 [ 3856.736365] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 3856.736984] print_report.cold+0x5c/0x237 [ 3856.737490] kasan_report+0xc9/0x100 [ 3856.737948] ? kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 3856.738566] kmalloc_uaf_16+0x38a/0x3b0 [test_kasan] [ 3856.739184] ? kmalloc_uaf+0x2b0/0x2b0 [test_kasan] [ 3856.739777] ? do_raw_spin_trylock+0xb5/0x180 [ 3856.740308] ? do_raw_spin_lock+0x270/0x270 [ 3856.740825] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3856.741499] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3856.742114] ? kunit_add_resource+0x197/0x280 [kunit] [ 3856.742731] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.743319] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3856.743929] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.744662] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3856.745280] kthread+0x2a4/0x350 [ 3856.745705] ? kthread_complete_and_exit+0x20/0x20 [ 3856.746284] ret_from_fork+0x1f/0x30 [ 3856.746737] [ 3856.747220] Allocated by task 116187: [ 3856.747674] kasan_save_stack+0x1e/0x40 [ 3856.748141] __kasan_kmalloc+0x81/0xa0 [ 3856.748604] kmalloc_uaf_16+0x15d/0x3b0 [test_kasan] [ 3856.749201] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.749811] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.750539] kthread+0x2a4/0x350 [ 3856.750943] ret_from_fork+0x1f/0x30 [ 3856.751588] Freed by task 116187: [ 3856.751998] kasan_save_stack+0x1e/0x40 [ 3856.752462] kasan_set_track+0x21/0x30 [ 3856.752921] kasan_set_free_info+0x20/0x40 [ 3856.753415] __kasan_slab_free+0x108/0x170 [ 3856.753941] slab_free_freelist_hook+0x11d/0x1d0 [ 3856.754499] kfree+0xe2/0x3c0 [ 3856.754874] kmalloc_uaf_16+0x1e8/0x3b0 [test_kasan] [ 3856.755472] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.756064] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.756797] kthread+0x2a4/0x350 [ 3856.757198] ret_from_fork+0x1f/0x30 [ 3856.757867] The buggy address belongs to the object at ffff8880479e7a80 which belongs to the cache kmalloc-16 of size 16 [ 3856.759293] The buggy address is located 0 bytes inside of 16-byte region [ffff8880479e7a80, ffff8880479e7a90) [ 3856.760980] The buggy address belongs to the physical page: [ 3856.761645] page:000000000ed2cf28 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x479e7 [ 3856.762736] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3856.763547] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 3856.764465] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3856.765364] page dumped because: kasan: bad access detected [ 3856.766229] Memory state around the buggy address: [ 3856.766802] ffff8880479e7980: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 3856.767651] ffff8880479e7a00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 3856.768498] >ffff8880479e7a80: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 3856.769342] ^ [ 3856.769741] ffff8880479e7b00: 00 00 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 3856.770590] ffff8880479e7b80: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3856.771437] ================================================================== [ 3856.774113] ok 16 - kmalloc_uaf_16 [ 3856.777167] ================================================================== [ 3856.778604] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 3856.779607] Write of size 128 at addr ffff888022c73900 by task kunit_try_catch/116188 [ 3856.780736] CPU: 0 PID: 116188 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3856.782338] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3856.783026] Call Trace: [ 3856.783334] [ 3856.783613] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 3856.784305] dump_stack_lvl+0x57/0x81 [ 3856.784759] print_address_description.constprop.0+0x1f/0x1e0 [ 3856.785448] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 3856.786142] print_report.cold+0x5c/0x237 [ 3856.786637] kasan_report+0xc9/0x100 [ 3856.787141] ? kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 3856.787885] kasan_check_range+0xfd/0x1e0 [ 3856.788371] memset+0x20/0x50 [ 3856.788749] kmalloc_oob_in_memset+0x1b3/0x280 [test_kasan] [ 3856.789412] ? kmalloc_oob_memset_2+0x290/0x290 [test_kasan] [ 3856.790100] ? do_raw_spin_trylock+0xb5/0x180 [ 3856.790637] ? do_raw_spin_lock+0x270/0x270 [ 3856.791295] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3856.791964] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3856.792561] ? kunit_add_resource+0x197/0x280 [kunit] [ 3856.793176] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.793769] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3856.794377] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.795108] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3856.795730] kthread+0x2a4/0x350 [ 3856.796133] ? kthread_complete_and_exit+0x20/0x20 [ 3856.796716] ret_from_fork+0x1f/0x30 [ 3856.797165] [ 3856.797652] Allocated by task 116188: [ 3856.798098] kasan_save_stack+0x1e/0x40 [ 3856.798564] __kasan_kmalloc+0x81/0xa0 [ 3856.799022] kmalloc_oob_in_memset+0x9c/0x280 [test_kasan] [ 3856.799680] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.800269] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.800998] kthread+0x2a4/0x350 [ 3856.801404] ret_from_fork+0x1f/0x30 [ 3856.802050] Last potentially related work creation: [ 3856.802634] kasan_save_stack+0x1e/0x40 [ 3856.803100] __kasan_record_aux_stack+0x96/0xb0 [ 3856.803652] kvfree_call_rcu+0x7d/0x840 [ 3856.804121] dma_resv_reserve_fences+0x35d/0x680 [ 3856.804684] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 3856.805305] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 3856.805926] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 3856.806497] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 3856.807182] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 3856.807948] process_one_work+0x8e2/0x1520 [ 3856.808444] worker_thread+0x59e/0xf90 [ 3856.808902] kthread+0x2a4/0x350 [ 3856.809304] ret_from_fork+0x1f/0x30 [ 3856.809951] Second to last potentially related work creation: [ 3856.810640] kasan_save_stack+0x1e/0x40 [ 3856.811106] __kasan_record_aux_stack+0x96/0xb0 [ 3856.811661] kvfree_call_rcu+0x7d/0x840 [ 3856.812127] dma_resv_reserve_fences+0x35d/0x680 [ 3856.812691] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 3856.813311] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 3856.813933] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 3856.814504] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 3856.815188] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 3856.815951] process_one_work+0x8e2/0x1520 [ 3856.816444] worker_thread+0x59e/0xf90 [ 3856.816903] kthread+0x2a4/0x350 [ 3856.817303] ret_from_fork+0x1f/0x30 [ 3856.817949] The buggy address belongs to the object at ffff888022c73900 which belongs to the cache kmalloc-128 of size 128 [ 3856.819394] The buggy address is located 0 bytes inside of 128-byte region [ffff888022c73900, ffff888022c73980) [ 3856.821135] The buggy address belongs to the physical page: [ 3856.821803] page:000000000cdf5d3d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22c73 [ 3856.822892] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3856.823706] raw: 000fffffc0000200 ffffea0000163cc0 dead000000000006 ffff8881000418c0 [ 3856.824617] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3856.825527] page dumped because: kasan: bad access detected [ 3856.826393] Memory state around the buggy address: [ 3856.826977] ffff888022c73800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3856.827832] ffff888022c73880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.828688] >ffff888022c73900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 3856.829539] ^ [ 3856.830398] ffff888022c73980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.831262] ffff888022c73a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3856.832115] ================================================================== [ 3856.833123] ok 17 - kmalloc_oob_in_memset [ 3856.835283] ================================================================== [ 3856.836710] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 3856.842177] Write of size 2 at addr ffff888022c73677 by task kunit_try_catch/116189 [ 3856.843301] CPU: 0 PID: 116189 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3856.844913] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3856.845609] Call Trace: [ 3856.845918] [ 3856.846201] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 3856.846895] dump_stack_lvl+0x57/0x81 [ 3856.847347] print_address_description.constprop.0+0x1f/0x1e0 [ 3856.848046] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 3856.848735] print_report.cold+0x5c/0x237 [ 3856.849225] kasan_report+0xc9/0x100 [ 3856.849678] ? kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 3856.850361] kasan_check_range+0xfd/0x1e0 [ 3856.850991] memset+0x20/0x50 [ 3856.851369] kmalloc_oob_memset_2+0x1b6/0x290 [test_kasan] [ 3856.852033] ? kmalloc_oob_memset_4+0x290/0x290 [test_kasan] [ 3856.852722] ? do_raw_spin_trylock+0xb5/0x180 [ 3856.853256] ? do_raw_spin_lock+0x270/0x270 [ 3856.853773] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3856.854441] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3856.855046] ? kunit_add_resource+0x197/0x280 [kunit] [ 3856.855749] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.856415] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3856.857086] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.857827] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3856.858451] kthread+0x2a4/0x350 [ 3856.858860] ? kthread_complete_and_exit+0x20/0x20 [ 3856.859442] ret_from_fork+0x1f/0x30 [ 3856.859896] [ 3856.860383] Allocated by task 116189: [ 3856.860837] kasan_save_stack+0x1e/0x40 [ 3856.861307] __kasan_kmalloc+0x81/0xa0 [ 3856.861769] kmalloc_oob_memset_2+0x9c/0x290 [test_kasan] [ 3856.862415] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.863012] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.863750] kthread+0x2a4/0x350 [ 3856.864155] ret_from_fork+0x1f/0x30 [ 3856.864806] Last potentially related work creation: [ 3856.865396] kasan_save_stack+0x1e/0x40 [ 3856.865865] __kasan_record_aux_stack+0x96/0xb0 [ 3856.866414] kvfree_call_rcu+0x7d/0x840 [ 3856.866883] dma_resv_reserve_fences+0x35d/0x680 [ 3856.867443] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 3856.868068] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 3856.868694] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 3856.869326] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 3856.870092] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 3856.870947] process_one_work+0x8e2/0x1520 [ 3856.871473] worker_thread+0x59e/0xf90 [ 3856.871937] kthread+0x2a4/0x350 [ 3856.872337] ret_from_fork+0x1f/0x30 [ 3856.872988] The buggy address belongs to the object at ffff888022c73600 which belongs to the cache kmalloc-128 of size 128 [ 3856.874438] The buggy address is located 119 bytes inside of 128-byte region [ffff888022c73600, ffff888022c73680) [ 3856.876015] The buggy address belongs to the physical page: [ 3856.876682] page:000000000cdf5d3d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22c73 [ 3856.877779] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3856.878598] raw: 000fffffc0000200 ffffea0000163cc0 dead000000000006 ffff8881000418c0 [ 3856.879508] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3856.880421] page dumped because: kasan: bad access detected [ 3856.881445] Memory state around the buggy address: [ 3856.882028] ffff888022c73500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3856.882888] ffff888022c73580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.883755] >ffff888022c73600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 3856.884624] ^ [ 3856.885474] ffff888022c73680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.886331] ffff888022c73700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3856.887258] ================================================================== [ 3856.888577] ok 18 - kmalloc_oob_memset_2 [ 3856.892515] ================================================================== [ 3856.893976] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 3856.894969] Write of size 4 at addr ffff888022c73d75 by task kunit_try_catch/116190 [ 3856.896089] CPU: 0 PID: 116190 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3856.897787] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3856.898482] Call Trace: [ 3856.898796] [ 3856.899071] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 3856.899764] dump_stack_lvl+0x57/0x81 [ 3856.900219] print_address_description.constprop.0+0x1f/0x1e0 [ 3856.900927] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 3856.901620] print_report.cold+0x5c/0x237 [ 3856.902118] kasan_report+0xc9/0x100 [ 3856.902568] ? kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 3856.903257] kasan_check_range+0xfd/0x1e0 [ 3856.903752] memset+0x20/0x50 [ 3856.904128] kmalloc_oob_memset_4+0x1b6/0x290 [test_kasan] [ 3856.904792] ? kmalloc_oob_memset_8+0x290/0x290 [test_kasan] [ 3856.905475] ? do_raw_spin_trylock+0xb5/0x180 [ 3856.906011] ? do_raw_spin_lock+0x270/0x270 [ 3856.906523] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3856.907197] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3856.907805] ? kunit_add_resource+0x197/0x280 [kunit] [ 3856.908423] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.909027] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3856.909640] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.910373] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3856.911139] kthread+0x2a4/0x350 [ 3856.911543] ? kthread_complete_and_exit+0x20/0x20 [ 3856.912131] ret_from_fork+0x1f/0x30 [ 3856.912588] [ 3856.913077] Allocated by task 116190: [ 3856.913526] kasan_save_stack+0x1e/0x40 [ 3856.914001] __kasan_kmalloc+0x81/0xa0 [ 3856.914460] kmalloc_oob_memset_4+0x9c/0x290 [test_kasan] [ 3856.915112] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.915708] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.916437] kthread+0x2a4/0x350 [ 3856.916846] ret_from_fork+0x1f/0x30 [ 3856.917492] Last potentially related work creation: [ 3856.918086] kasan_save_stack+0x1e/0x40 [ 3856.918554] __kasan_record_aux_stack+0x96/0xb0 [ 3856.919108] kvfree_call_rcu+0x7d/0x840 [ 3856.919607] dma_resv_reserve_fences+0x35d/0x680 [ 3856.920171] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 3856.920801] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 3856.921422] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 3856.922001] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 3856.922688] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 3856.923454] process_one_work+0x8e2/0x1520 [ 3856.923955] worker_thread+0x59e/0xf90 [ 3856.924413] kthread+0x2a4/0x350 [ 3856.924847] ret_from_fork+0x1f/0x30 [ 3856.925576] Second to last potentially related work creation: [ 3856.926340] kasan_save_stack+0x1e/0x40 [ 3856.926815] __kasan_record_aux_stack+0x96/0xb0 [ 3856.927375] kvfree_call_rcu+0x7d/0x840 [ 3856.927847] dma_resv_reserve_fences+0x35d/0x680 [ 3856.928408] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 3856.929033] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 3856.929684] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 3856.930327] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 3856.931106] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 3856.931966] process_one_work+0x8e2/0x1520 [ 3856.932498] worker_thread+0x59e/0xf90 [ 3856.932959] kthread+0x2a4/0x350 [ 3856.933362] ret_from_fork+0x1f/0x30 [ 3856.934078] The buggy address belongs to the object at ffff888022c73d00 which belongs to the cache kmalloc-128 of size 128 [ 3856.935634] The buggy address is located 117 bytes inside of 128-byte region [ffff888022c73d00, ffff888022c73d80) [ 3856.937295] The buggy address belongs to the physical page: [ 3856.938004] page:000000000cdf5d3d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22c73 [ 3856.939099] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3856.939917] raw: 000fffffc0000200 ffffea0000163cc0 dead000000000006 ffff8881000418c0 [ 3856.941010] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3856.941926] page dumped because: kasan: bad access detected [ 3856.942809] Memory state around the buggy address: [ 3856.943386] ffff888022c73c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3856.944244] ffff888022c73c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.945105] >ffff888022c73d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 3856.945966] ^ [ 3856.946819] ffff888022c73d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3856.947682] ffff888022c73e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3856.948537] ================================================================== [ 3856.949585] ok 19 - kmalloc_oob_memset_4 [ 3856.951209] ================================================================== [ 3856.952624] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 3856.953623] Write of size 8 at addr ffff888022c73071 by task kunit_try_catch/116191 [ 3856.954743] CPU: 0 PID: 116191 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3856.956355] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3856.957049] Call Trace: [ 3856.957360] [ 3856.957639] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 3856.958326] dump_stack_lvl+0x57/0x81 [ 3856.958784] print_address_description.constprop.0+0x1f/0x1e0 [ 3856.959476] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 3856.960164] print_report.cold+0x5c/0x237 [ 3856.960666] kasan_report+0xc9/0x100 [ 3856.961112] ? kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 3856.961805] kasan_check_range+0xfd/0x1e0 [ 3856.962291] memset+0x20/0x50 [ 3856.962672] kmalloc_oob_memset_8+0x1b6/0x290 [test_kasan] [ 3856.963329] ? kmalloc_oob_memset_16+0x290/0x290 [test_kasan] [ 3856.964028] ? do_raw_spin_trylock+0xb5/0x180 [ 3856.964570] ? do_raw_spin_lock+0x270/0x270 [ 3856.965083] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3856.965757] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3856.966361] ? kunit_add_resource+0x197/0x280 [kunit] [ 3856.966984] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.967585] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3856.968199] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.968942] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3856.969565] kthread+0x2a4/0x350 [ 3856.969970] ? kthread_complete_and_exit+0x20/0x20 [ 3856.970553] ret_from_fork+0x1f/0x30 [ 3856.971228] [ 3856.971784] Allocated by task 116191: [ 3856.972250] kasan_save_stack+0x1e/0x40 [ 3856.972722] __kasan_kmalloc+0x81/0xa0 [ 3856.973181] kmalloc_oob_memset_8+0x9c/0x290 [test_kasan] [ 3856.973833] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3856.974426] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3856.975167] kthread+0x2a4/0x350 [ 3856.975571] ret_from_fork+0x1f/0x30 [ 3856.976222] Last potentially related work creation: [ 3856.976811] kasan_save_stack+0x1e/0x40 [ 3856.977280] __kasan_record_aux_stack+0x96/0xb0 [ 3856.977857] kvfree_call_rcu+0x7d/0x840 [ 3856.978326] dma_resv_reserve_fences+0x35d/0x680 [ 3856.978960] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 3856.979669] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 3856.980314] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 3856.980898] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 3856.981584] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 3856.982347] process_one_work+0x8e2/0x1520 [ 3856.982890] worker_thread+0x59e/0xf90 [ 3856.983407] kthread+0x2a4/0x350 [ 3856.983863] ret_from_fork+0x1f/0x30 [ 3856.984543] Second to last potentially related work creation: [ 3856.985237] kasan_save_stack+0x1e/0x40 [ 3856.985709] __kasan_record_aux_stack+0x96/0xb0 [ 3856.986262] kvfree_call_rcu+0x7d/0x840 [ 3856.986736] dma_resv_reserve_fences+0x35d/0x680 [ 3856.987371] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 3856.988078] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 3856.988782] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 3856.989426] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 3856.990206] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 3856.991045] process_one_work+0x8e2/0x1520 [ 3856.991608] worker_thread+0x59e/0xf90 [ 3856.992092] kthread+0x2a4/0x350 [ 3856.992494] ret_from_fork+0x1f/0x30 [ 3856.993156] The buggy address belongs to the object at ffff888022c73000 which belongs to the cache kmalloc-128 of size 128 [ 3856.994635] The buggy address is located 113 bytes inside of 128-byte region [ffff888022c73000, ffff888022c73080) [ 3856.996417] The buggy address belongs to the physical page: [ 3856.997161] page:000000000cdf5d3d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22c73 [ 3856.998267] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3856.999083] raw: 000fffffc0000200 ffffea0000163cc0 dead000000000006 ffff8881000418c0 [ 3857.000000] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3857.001057] page dumped because: kasan: bad access detected [ 3857.001928] Memory state around the buggy address: [ 3857.002509] ffff888022c72f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3857.003370] ffff888022c72f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3857.004230] >ffff888022c73000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 3857.005090] ^ [ 3857.005938] ffff888022c73080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3857.006799] ffff888022c73100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3857.007661] ================================================================== [ 3857.010337] ok 20 - kmalloc_oob_memset_8 [ 3857.015127] ================================================================== [ 3857.016540] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 3857.017543] Write of size 16 at addr ffff888022c73369 by task kunit_try_catch/116192 [ 3857.018668] CPU: 0 PID: 116192 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3857.020269] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3857.020960] Call Trace: [ 3857.021316] [ 3857.021611] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 3857.022313] dump_stack_lvl+0x57/0x81 [ 3857.022780] print_address_description.constprop.0+0x1f/0x1e0 [ 3857.023476] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 3857.024172] print_report.cold+0x5c/0x237 [ 3857.024669] kasan_report+0xc9/0x100 [ 3857.025114] ? kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 3857.025813] kasan_check_range+0xfd/0x1e0 [ 3857.026302] memset+0x20/0x50 [ 3857.026688] kmalloc_oob_memset_16+0x1b6/0x290 [test_kasan] [ 3857.027354] ? kmalloc_uaf_memset+0x280/0x280 [test_kasan] [ 3857.028016] ? do_raw_spin_trylock+0xb5/0x180 [ 3857.028557] ? do_raw_spin_lock+0x270/0x270 [ 3857.029071] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3857.029744] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3857.030343] ? kunit_add_resource+0x197/0x280 [kunit] [ 3857.031143] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3857.031805] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3857.032456] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3857.033189] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3857.033812] kthread+0x2a4/0x350 [ 3857.034214] ? kthread_complete_and_exit+0x20/0x20 [ 3857.034816] ret_from_fork+0x1f/0x30 [ 3857.035268] [ 3857.035764] Allocated by task 116192: [ 3857.036213] kasan_save_stack+0x1e/0x40 [ 3857.036686] __kasan_kmalloc+0x81/0xa0 [ 3857.037153] kmalloc_oob_memset_16+0x9c/0x290 [test_kasan] [ 3857.037816] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3857.038410] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3857.039144] kthread+0x2a4/0x350 [ 3857.039546] ret_from_fork+0x1f/0x30 [ 3857.040249] Last potentially related work creation: [ 3857.040894] kasan_save_stack+0x1e/0x40 [ 3857.041363] __kasan_record_aux_stack+0x96/0xb0 [ 3857.041922] kvfree_call_rcu+0x7d/0x840 [ 3857.042375] dma_resv_reserve_fences+0x35d/0x680 [ 3857.042949] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 3857.043574] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 3857.044196] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 3857.044776] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 3857.045461] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 3857.046220] process_one_work+0x8e2/0x1520 [ 3857.046727] worker_thread+0x59e/0xf90 [ 3857.047186] kthread+0x2a4/0x350 [ 3857.047593] ret_from_fork+0x1f/0x30 [ 3857.048237] Second to last potentially related work creation: [ 3857.048925] kasan_save_stack+0x1e/0x40 [ 3857.049393] __kasan_record_aux_stack+0x96/0xb0 [ 3857.049948] kvfree_call_rcu+0x7d/0x840 [ 3857.050418] dma_resv_reserve_fences+0x35d/0x680 [ 3857.050981] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 3857.051608] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 3857.052234] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 3857.052811] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 3857.053498] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 3857.054262] process_one_work+0x8e2/0x1520 [ 3857.054765] worker_thread+0x59e/0xf90 [ 3857.055225] kthread+0x2a4/0x350 [ 3857.055635] ret_from_fork+0x1f/0x30 [ 3857.056279] The buggy address belongs to the object at ffff888022c73300 which belongs to the cache kmalloc-128 of size 128 [ 3857.057736] The buggy address is located 105 bytes inside of 128-byte region [ffff888022c73300, ffff888022c73380) [ 3857.059326] The buggy address belongs to the physical page: [ 3857.059992] page:000000000cdf5d3d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22c73 [ 3857.061275] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3857.062132] raw: 000fffffc0000200 ffffea0000163cc0 dead000000000006 ffff8881000418c0 [ 3857.063053] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3857.063967] page dumped because: kasan: bad access detected [ 3857.064836] Memory state around the buggy address: [ 3857.065415] ffff888022c73200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3857.066276] ffff888022c73280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3857.067135] >ffff888022c73300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 3857.067991] ^ [ 3857.068860] ffff888022c73380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3857.069821] ffff888022c73400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3857.070788] ================================================================== [ 3857.072016] ok 21 - kmalloc_oob_memset_16 [ 3857.075253] ================================================================== [ 3857.076686] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 3857.077721] Read of size 18446744073709551614 at addr ffff88800687e404 by task kunit_try_catch/116193 [ 3857.079009] CPU: 0 PID: 116193 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3857.080613] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3857.081305] Call Trace: [ 3857.081619] [ 3857.081892] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 3857.082665] dump_stack_lvl+0x57/0x81 [ 3857.083116] print_address_description.constprop.0+0x1f/0x1e0 [ 3857.083816] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 3857.084590] print_report.cold+0x5c/0x237 [ 3857.085085] kasan_report+0xc9/0x100 [ 3857.085531] ? kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 3857.086317] kasan_check_range+0xfd/0x1e0 [ 3857.086808] memmove+0x20/0x60 [ 3857.087231] kmalloc_memmove_negative_size+0x1c4/0x290 [test_kasan] [ 3857.088082] ? kmalloc_memmove_invalid_size+0x2a0/0x2a0 [test_kasan] [ 3857.088940] ? do_raw_spin_trylock+0xb5/0x180 [ 3857.089500] ? do_raw_spin_lock+0x270/0x270 [ 3857.090056] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3857.090966] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3857.091574] ? kunit_add_resource+0x197/0x280 [kunit] [ 3857.092231] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3857.092900] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3857.093528] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3857.094265] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3857.094891] kthread+0x2a4/0x350 [ 3857.095295] ? kthread_complete_and_exit+0x20/0x20 [ 3857.095879] ret_from_fork+0x1f/0x30 [ 3857.096332] [ 3857.096824] Allocated by task 116193: [ 3857.097271] kasan_save_stack+0x1e/0x40 [ 3857.097747] __kasan_kmalloc+0x81/0xa0 [ 3857.098205] kmalloc_memmove_negative_size+0x9c/0x290 [test_kasan] [ 3857.098951] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3857.099541] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3857.100277] kthread+0x2a4/0x350 [ 3857.100684] ret_from_fork+0x1f/0x30 [ 3857.101329] The buggy address belongs to the object at ffff88800687e400 which belongs to the cache kmalloc-64 of size 64 [ 3857.102769] The buggy address is located 4 bytes inside of 64-byte region [ffff88800687e400, ffff88800687e440) [ 3857.104318] The buggy address belongs to the physical page: [ 3857.104981] page:00000000f6e351d3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x687e [ 3857.106069] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3857.106890] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff888100041640 [ 3857.107804] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 3857.108718] page dumped because: kasan: bad access detected [ 3857.109585] Memory state around the buggy address: [ 3857.110189] ffff88800687e300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3857.111052] ffff88800687e380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3857.111907] >ffff88800687e400: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 3857.112763] ^ [ 3857.113162] ffff88800687e480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3857.114019] ffff88800687e500: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3857.114877] ================================================================== [ 3857.115883] ok 22 - kmalloc_memmove_negative_size [ 3857.118143] ================================================================== [ 3857.119789] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 3857.121165] Read of size 64 at addr ffff88800687eb84 by task kunit_try_catch/116194 [ 3857.122419] CPU: 0 PID: 116194 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3857.124135] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3857.124825] Call Trace: [ 3857.125136] [ 3857.125411] ? kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 3857.126179] dump_stack_lvl+0x57/0x81 [ 3857.126640] print_address_description.constprop.0+0x1f/0x1e0 [ 3857.127340] ? kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 3857.128104] print_report.cold+0x5c/0x237 [ 3857.128601] kasan_report+0xc9/0x100 [ 3857.129044] ? kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 3857.129810] kasan_check_range+0xfd/0x1e0 [ 3857.130301] memmove+0x20/0x60 [ 3857.130691] kmalloc_memmove_invalid_size+0x1cf/0x2a0 [test_kasan] [ 3857.131523] ? kmalloc_oob_in_memset+0x280/0x280 [test_kasan] [ 3857.132308] ? do_raw_spin_trylock+0xb5/0x180 [ 3857.132911] ? do_raw_spin_lock+0x270/0x270 [ 3857.133489] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3857.134198] ? kunit_add_resource+0x197/0x280 [kunit] [ 3857.134822] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3857.135424] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3857.136041] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3857.136775] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3857.137396] kthread+0x2a4/0x350 [ 3857.137804] ? kthread_complete_and_exit+0x20/0x20 [ 3857.138387] ret_from_fork+0x1f/0x30 [ 3857.138843] [ 3857.139332] Allocated by task 116194: [ 3857.139786] kasan_save_stack+0x1e/0x40 [ 3857.140256] __kasan_kmalloc+0x81/0xa0 [ 3857.140720] kmalloc_memmove_invalid_size+0xac/0x2a0 [test_kasan] [ 3857.141449] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3857.142064] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3857.142797] kthread+0x2a4/0x350 [ 3857.143199] ret_from_fork+0x1f/0x30 [ 3857.143846] The buggy address belongs to the object at ffff88800687eb80 which belongs to the cache kmalloc-64 of size 64 [ 3857.145365] The buggy address is located 4 bytes inside of 64-byte region [ffff88800687eb80, ffff88800687ebc0) [ 3857.146910] The buggy address belongs to the physical page: [ 3857.147576] page:00000000f6e351d3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x687e [ 3857.148655] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3857.149470] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff888100041640 [ 3857.150390] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 3857.151483] page dumped because: kasan: bad access detected [ 3857.152411] Memory state around the buggy address: [ 3857.152991] ffff88800687ea80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 3857.153849] ffff88800687eb00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3857.154706] >ffff88800687eb80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 3857.155568] ^ [ 3857.156202] ffff88800687ec00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3857.157058] ffff88800687ec80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3857.157916] ================================================================== [ 3857.158836] ok 23 - kmalloc_memmove_invalid_size [ 3857.160148] ================================================================== [ 3857.161657] BUG: KASAN: use-after-free in kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 3857.162531] Read of size 1 at addr ffff888004ea72a8 by task kunit_try_catch/116195 [ 3857.163662] CPU: 0 PID: 116195 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3857.165277] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3857.165972] Call Trace: [ 3857.166284] [ 3857.166561] ? kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 3857.167159] dump_stack_lvl+0x57/0x81 [ 3857.167615] print_address_description.constprop.0+0x1f/0x1e0 [ 3857.168311] ? kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 3857.168937] print_report.cold+0x5c/0x237 [ 3857.169492] kasan_report+0xc9/0x100 [ 3857.169992] ? kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 3857.170666] kmalloc_uaf+0x286/0x2b0 [test_kasan] [ 3857.171269] ? kmalloc_uaf2+0x430/0x430 [test_kasan] [ 3857.171878] ? do_raw_spin_trylock+0xb5/0x180 [ 3857.172412] ? do_raw_spin_lock+0x270/0x270 [ 3857.172932] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3857.173694] ? kunit_add_resource+0x197/0x280 [kunit] [ 3857.174390] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3857.175032] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3857.175648] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3857.176381] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3857.177005] kthread+0x2a4/0x350 [ 3857.177410] ? kthread_complete_and_exit+0x20/0x20 [ 3857.177995] ret_from_fork+0x1f/0x30 [ 3857.178448] [ 3857.178940] Allocated by task 116195: [ 3857.179389] kasan_save_stack+0x1e/0x40 [ 3857.179864] __kasan_kmalloc+0x81/0xa0 [ 3857.180324] kmalloc_uaf+0x98/0x2b0 [test_kasan] [ 3857.181148] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3857.181746] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3857.182482] kthread+0x2a4/0x350 [ 3857.182887] ret_from_fork+0x1f/0x30 [ 3857.183552] Freed by task 116195: [ 3857.183961] kasan_save_stack+0x1e/0x40 [ 3857.184430] kasan_set_track+0x21/0x30 [ 3857.184895] kasan_set_free_info+0x20/0x40 [ 3857.185390] __kasan_slab_free+0x108/0x170 [ 3857.185890] slab_free_freelist_hook+0x11d/0x1d0 [ 3857.186458] kfree+0xe2/0x3c0 [ 3857.186879] kmalloc_uaf+0x12b/0x2b0 [test_kasan] [ 3857.187518] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3857.188194] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3857.189025] kthread+0x2a4/0x350 [ 3857.189475] ret_from_fork+0x1f/0x30 [ 3857.190216] The buggy address belongs to the object at ffff888004ea72a0 which belongs to the cache kmalloc-16 of size 16 [ 3857.191685] The buggy address is located 8 bytes inside of 16-byte region [ffff888004ea72a0, ffff888004ea72b0) [ 3857.193232] The buggy address belongs to the physical page: [ 3857.193896] page:0000000058681208 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ea7 [ 3857.194978] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3857.195799] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000413c0 [ 3857.196723] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3857.197638] page dumped because: kasan: bad access detected [ 3857.198503] Memory state around the buggy address: [ 3857.199085] ffff888004ea7180: 00 00 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 3857.199945] ffff888004ea7200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 3857.200804] >ffff888004ea7280: 00 00 fc fc fa fb fc fc 00 00 fc fc 00 00 fc fc [ 3857.201659] ^ [ 3857.202209] ffff888004ea7300: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 3857.203067] ffff888004ea7380: 00 00 fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3857.203987] ================================================================== [ 3857.205214] ok 24 - kmalloc_uaf [ 3857.207436] ================================================================== [ 3857.208753] BUG: KASAN: use-after-free in kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 3857.209684] Write of size 33 at addr ffff88800687e480 by task kunit_try_catch/116196 [ 3857.210880] CPU: 0 PID: 116196 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3857.212484] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3857.213174] Call Trace: [ 3857.213482] [ 3857.213759] ? kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 3857.214413] dump_stack_lvl+0x57/0x81 [ 3857.214867] print_address_description.constprop.0+0x1f/0x1e0 [ 3857.215561] ? kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 3857.216215] print_report.cold+0x5c/0x237 [ 3857.216712] kasan_report+0xc9/0x100 [ 3857.217160] ? kmalloc_uaf_memset+0xc1/0x280 [test_kasan] [ 3857.217809] ? kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 3857.218464] kasan_check_range+0xfd/0x1e0 [ 3857.218955] memset+0x20/0x50 [ 3857.219332] kmalloc_uaf_memset+0x1b4/0x280 [test_kasan] [ 3857.219972] ? kmem_cache_accounted+0x170/0x170 [test_kasan] [ 3857.220654] ? do_raw_spin_trylock+0xb5/0x180 [ 3857.221184] ? do_raw_spin_lock+0x270/0x270 [ 3857.221699] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3857.222366] ? kunit_add_resource+0x197/0x280 [kunit] [ 3857.222982] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3857.223580] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3857.224189] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3857.224920] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3857.243215] kthread+0x2a4/0x350 [ 3857.243792] ? kthread_complete_and_exit+0x20/0x20 [ 3857.244380] ret_from_fork+0x1f/0x30 [ 3857.244856] [ 3857.245365] Allocated by task 116196: [ 3857.245838] kasan_save_stack+0x1e/0x40 [ 3857.246327] __kasan_kmalloc+0x81/0xa0 [ 3857.246789] kmalloc_uaf_memset+0x9a/0x280 [test_kasan] [ 3857.247444] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3857.248043] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3857.248777] kthread+0x2a4/0x350 [ 3857.249177] ret_from_fork+0x1f/0x30 [ 3857.249824] Freed by task 116196: [ 3857.250233] kasan_save_stack+0x1e/0x40 [ 3857.250704] kasan_set_track+0x21/0x30 [ 3857.251162] kasan_set_free_info+0x20/0x40 [ 3857.251664] __kasan_slab_free+0x108/0x170 [ 3857.252159] slab_free_freelist_hook+0x11d/0x1d0 [ 3857.252726] kfree+0xe2/0x3c0 [ 3857.253101] kmalloc_uaf_memset+0x137/0x280 [test_kasan] [ 3857.253740] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3857.254331] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3857.255061] kthread+0x2a4/0x350 [ 3857.255462] ret_from_fork+0x1f/0x30 [ 3857.256113] Last potentially related work creation: [ 3857.256701] kasan_save_stack+0x1e/0x40 [ 3857.257169] __kasan_record_aux_stack+0x96/0xb0 [ 3857.257720] kvfree_call_rcu+0x7d/0x840 [ 3857.258202] dma_resv_reserve_fences+0x35d/0x680 [ 3857.258793] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 3857.259416] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 3857.260043] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 3857.260619] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 3857.261303] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 3857.262069] process_one_work+0x8e2/0x1520 [ 3857.262574] worker_thread+0x59e/0xf90 [ 3857.263034] kthread+0x2a4/0x350 [ 3857.263436] ret_from_fork+0x1f/0x30 [ 3857.264084] The buggy address belongs to the object at ffff88800687e480 which belongs to the cache kmalloc-64 of size 64 [ 3857.265521] The buggy address is located 0 bytes inside of 64-byte region [ffff88800687e480, ffff88800687e4c0) [ 3857.267072] The buggy address belongs to the physical page: [ 3857.267771] page:00000000f6e351d3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x687e [ 3857.268877] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3857.269713] raw: 000fffffc0000200 dead000000000100 dead000000000122 ffff888100041640 [ 3857.270635] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 3857.271550] page dumped because: kasan: bad access detected [ 3857.272418] Memory state around the buggy address: [ 3857.273235] ffff88800687e380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3857.274129] ffff88800687e400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3857.275036] >ffff88800687e480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3857.275893] ^ [ 3857.276294] ffff88800687e500: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3857.277160] ffff88800687e580: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 3857.278021] ================================================================== [ 3857.283768] ok 25 - kmalloc_uaf_memset [ 3857.288400] ================================================================== [ 3857.289929] BUG: KASAN: use-after-free in kmalloc_uaf2+0x402/0x430 [test_kasan] [ 3857.290811] Read of size 1 at addr ffff88800feff7a8 by task kunit_try_catch/116197 [ 3857.291931] CPU: 0 PID: 116197 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3857.293544] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3857.294239] Call Trace: [ 3857.294563] [ 3857.294836] ? kmalloc_uaf2+0x402/0x430 [test_kasan] [ 3857.295437] dump_stack_lvl+0x57/0x81 [ 3857.295923] print_address_description.constprop.0+0x1f/0x1e0 [ 3857.296619] ? kmalloc_uaf2+0x402/0x430 [test_kasan] [ 3857.297220] print_report.cold+0x5c/0x237 [ 3857.297745] kasan_report+0xc9/0x100 [ 3857.298189] ? kmalloc_uaf2+0x402/0x430 [test_kasan] [ 3857.298793] kmalloc_uaf2+0x402/0x430 [test_kasan] [ 3857.299376] ? kfree_via_page+0x290/0x290 [test_kasan] [ 3857.300001] ? rcu_read_lock_sched_held+0x12/0x80 [ 3857.300586] ? lock_acquire+0x4ea/0x620 [ 3857.301063] ? rcu_read_unlock+0x40/0x40 [ 3857.301545] ? rcu_read_unlock+0x40/0x40 [ 3857.302031] ? rcu_read_lock_sched_held+0x12/0x80 [ 3857.302608] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3857.303409] ? do_raw_spin_lock+0x270/0x270 [ 3857.303931] ? trace_hardirqs_on+0x2d/0x160 [ 3857.304451] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3857.305068] ? kunit_add_resource+0x197/0x280 [kunit] [ 3857.305688] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3857.306281] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3857.306895] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3857.307628] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3857.308332] kthread+0x2a4/0x350 [ 3857.308796] ? kthread_complete_and_exit+0x20/0x20 [ 3857.309378] ret_from_fork+0x1f/0x30 [ 3857.309842] [ 3857.310330] Allocated by task 116197: [ 3857.310780] kasan_save_stack+0x1e/0x40 [ 3857.311248] __kasan_kmalloc+0x81/0xa0 [ 3857.311709] kmalloc_uaf2+0xad/0x430 [test_kasan] [ 3857.312282] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3857.312876] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3857.313612] kthread+0x2a4/0x350 [ 3857.314015] ret_from_fork+0x1f/0x30 [ 3857.314668] Freed by task 116197: [ 3857.315078] kasan_save_stack+0x1e/0x40 [ 3857.315548] kasan_set_track+0x21/0x30 [ 3857.316006] kasan_set_free_info+0x20/0x40 [ 3857.316503] __kasan_slab_free+0x108/0x170 [ 3857.316999] slab_free_freelist_hook+0x11d/0x1d0 [ 3857.317563] kfree+0xe2/0x3c0 [ 3857.317939] kmalloc_uaf2+0x144/0x430 [test_kasan] [ 3857.318522] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3857.319118] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3857.319851] kthread+0x2a4/0x350 [ 3857.320253] ret_from_fork+0x1f/0x30 [ 3857.320906] The buggy address belongs to the object at ffff88800feff780 which belongs to the cache kmalloc-64 of size 64 [ 3857.322338] The buggy address is located 40 bytes inside of 64-byte region [ffff88800feff780, ffff88800feff7c0) [ 3857.323894] The buggy address belongs to the physical page: [ 3857.324562] page:00000000bc568107 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xfeff [ 3857.325644] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3857.326510] raw: 000fffffc0000200 ffffea00005c79c0 dead000000000005 ffff888100041640 [ 3857.327427] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 3857.328339] page dumped because: kasan: bad access detected [ 3857.329256] Memory state around the buggy address: [ 3857.329889] ffff88800feff680: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 3857.330801] ffff88800feff700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3857.331662] >ffff88800feff780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3857.332519] ^ [ 3857.333244] ffff88800feff800: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3857.334105] ffff88800feff880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 3857.334967] ================================================================== [ 3857.336151] ok 26 - kmalloc_uaf2 [ 3857.339224] ok 27 - kfree_via_page [ 3857.341243] ok 28 - kfree_via_phys [ 3857.343787] ================================================================== [ 3857.345132] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 3857.346071] Read of size 1 at addr ffff8880173b12d8 by task kunit_try_catch/116200 [ 3857.347178] CPU: 0 PID: 116200 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3857.348788] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3857.349475] Call Trace: [ 3857.349788] [ 3857.350060] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 3857.350684] dump_stack_lvl+0x57/0x81 [ 3857.351137] print_address_description.constprop.0+0x1f/0x1e0 [ 3857.351836] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 3857.352456] print_report.cold+0x5c/0x237 [ 3857.352951] kasan_report+0xc9/0x100 [ 3857.353396] ? kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 3857.354024] kmem_cache_oob+0x2d4/0x2e0 [test_kasan] [ 3857.354632] ? kmem_cache_double_free+0x280/0x280 [test_kasan] [ 3857.355335] ? do_raw_spin_trylock+0xb5/0x180 [ 3857.355873] ? do_raw_spin_lock+0x270/0x270 [ 3857.356390] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3857.357067] ? kunit_add_resource+0x197/0x280 [kunit] [ 3857.357685] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3857.358279] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3857.358894] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3857.359630] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3857.360252] kthread+0x2a4/0x350 [ 3857.360663] ? kthread_complete_and_exit+0x20/0x20 [ 3857.361243] ret_from_fork+0x1f/0x30 [ 3857.361699] [ 3857.362186] Allocated by task 116200: [ 3857.362638] kasan_save_stack+0x1e/0x40 [ 3857.363339] __kasan_slab_alloc+0x66/0x80 [ 3857.363831] kmem_cache_alloc+0x161/0x310 [ 3857.364318] kmem_cache_oob+0x121/0x2e0 [test_kasan] [ 3857.364925] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3857.365517] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3857.366252] kthread+0x2a4/0x350 [ 3857.366660] ret_from_fork+0x1f/0x30 [ 3857.367306] The buggy address belongs to the object at ffff8880173b1210 which belongs to the cache test_cache of size 200 [ 3857.368794] The buggy address is located 0 bytes to the right of 200-byte region [ffff8880173b1210, ffff8880173b12d8) [ 3857.370607] The buggy address belongs to the physical page: [ 3857.371330] page:000000008eb243a5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x173b1 [ 3857.372579] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3857.373512] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff88810ad51140 [ 3857.374491] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 3857.375407] page dumped because: kasan: bad access detected [ 3857.376279] Memory state around the buggy address: [ 3857.376861] ffff8880173b1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3857.377720] ffff8880173b1200: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3857.378575] >ffff8880173b1280: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc [ 3857.379425] ^ [ 3857.380153] ffff8880173b1300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3857.381009] ffff8880173b1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3857.381864] ================================================================== [ 3857.493448] ok 29 - kmem_cache_oob [ 3858.029354] ok 30 - kmem_cache_accounted [ 3858.085378] ok 31 - kmem_cache_bulk [ 3858.088191] ================================================================== [ 3858.089563] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 3858.090731] Read of size 1 at addr ffffffffc186290d by task kunit_try_catch/116204 [ 3858.091886] CPU: 0 PID: 116204 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3858.093529] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3858.094292] Call Trace: [ 3858.094607] [ 3858.094879] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 3858.095589] dump_stack_lvl+0x57/0x81 [ 3858.096047] print_address_description.constprop.0+0x1f/0x1e0 [ 3858.096749] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 3858.097451] print_report.cold+0x5c/0x237 [ 3858.097949] kasan_report+0xc9/0x100 [ 3858.098397] ? kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 3858.099110] kasan_global_oob_right+0x1df/0x1f0 [test_kasan] [ 3858.099803] ? kasan_stack_oob+0x200/0x200 [test_kasan] [ 3858.100446] ? do_raw_spin_trylock+0xb5/0x180 [ 3858.100980] ? do_raw_spin_lock+0x270/0x270 [ 3858.101495] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3858.102165] ? kunit_add_resource+0x197/0x280 [kunit] [ 3858.102781] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.103375] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3858.103992] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.104726] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3858.105348] kthread+0x2a4/0x350 [ 3858.105752] ? kthread_complete_and_exit+0x20/0x20 [ 3858.106333] ret_from_fork+0x1f/0x30 [ 3858.106788] [ 3858.107278] The buggy address belongs to the variable: [ 3858.107891] global_array+0xd/0xfffffffffffe5700 [test_kasan] [ 3858.108796] Memory state around the buggy address: [ 3858.109372] ffffffffc1862800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3858.110238] ffffffffc1862880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3858.111096] >ffffffffc1862900: 00 02 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 3858.111958] ^ [ 3858.112388] ffffffffc1862980: 02 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 [ 3858.113400] ffffffffc1862a00: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 3858.114268] ================================================================== [ 3858.117554] ok 32 - kasan_global_oob_right [ 3858.120062] ok 33 - kasan_global_oob_left # SKIP Test requires CONFIG_CC_IS_CLANG=y [ 3858.122105] ================================================================== [ 3858.123936] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 3858.124894] Read of size 1 at addr ffffc90002607e7a by task kunit_try_catch/116206 [ 3858.126009] CPU: 0 PID: 116206 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3858.127619] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3858.128310] Call Trace: [ 3858.128625] [ 3858.128900] ? kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 3858.129539] dump_stack_lvl+0x57/0x81 [ 3858.129996] print_address_description.constprop.0+0x1f/0x1e0 [ 3858.130696] ? kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 3858.131328] print_report.cold+0x5c/0x237 [ 3858.131825] kasan_report+0xc9/0x100 [ 3858.132272] ? kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 3858.132912] kasan_stack_oob+0x1eb/0x200 [test_kasan] [ 3858.133532] ? match_all_mem_tag+0x20/0x20 [test_kasan] [ 3858.134165] ? rcu_read_unlock+0x40/0x40 [ 3858.134651] ? rcu_read_lock_sched_held+0x12/0x80 [ 3858.135231] ? do_raw_spin_trylock+0xb5/0x180 [ 3858.135771] ? do_raw_spin_lock+0x270/0x270 [ 3858.136291] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3858.136969] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3858.137576] ? kunit_add_resource+0x197/0x280 [kunit] [ 3858.138196] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.138794] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3858.139408] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.140146] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3858.140774] kthread+0x2a4/0x350 [ 3858.141180] ? kthread_complete_and_exit+0x20/0x20 [ 3858.141774] ret_from_fork+0x1f/0x30 [ 3858.142230] [ 3858.142861] The buggy address belongs to stack of task kunit_try_catch/116206 [ 3858.143757] and is located at offset 266 in frame: [ 3858.144347] kasan_stack_oob+0x0/0x200 [test_kasan] [ 3858.145152] This frame has 4 objects: [ 3858.145609] [48, 56) 'array' [ 3858.145612] [80, 128) '__assertion' [ 3858.145988] [160, 224) '__assertion' [ 3858.146430] [256, 266) 'stack_array' [ 3858.147543] The buggy address belongs to the virtual mapping at [ffffc90002600000, ffffc90002609000) created by: dup_task_struct+0x5e/0x5a0 [ 3858.149558] The buggy address belongs to the physical page: [ 3858.150221] page:00000000b2b34b2b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10571e [ 3858.151327] flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff) [ 3858.152108] raw: 0017ffffc0000000 0000000000000000 dead000000000122 0000000000000000 [ 3858.153037] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 3858.154003] page dumped because: kasan: bad access detected [ 3858.154986] Memory state around the buggy address: [ 3858.155570] ffffc90002607d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 [ 3858.156433] ffffc90002607d80: f1 f1 f1 f1 00 f2 f2 f2 00 00 00 00 00 00 f2 f2 [ 3858.157300] >ffffc90002607e00: f2 f2 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00 02 [ 3858.158161] ^ [ 3858.159013] ffffc90002607e80: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3858.159878] ffffc90002607f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3858.160741] ================================================================== [ 3858.161814] ok 34 - kasan_stack_oob [ 3858.164051] ================================================================== [ 3858.165408] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 3858.166435] Read of size 1 at addr ffffc9000120fd1f by task kunit_try_catch/116207 [ 3858.167547] CPU: 0 PID: 116207 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3858.169244] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3858.170034] Call Trace: [ 3858.170382] [ 3858.170692] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 3858.171406] dump_stack_lvl+0x57/0x81 [ 3858.171865] print_address_description.constprop.0+0x1f/0x1e0 [ 3858.172637] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 3858.173452] print_report.cold+0x5c/0x237 [ 3858.174007] kasan_report+0xc9/0x100 [ 3858.174454] ? kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 3858.175158] kasan_alloca_oob_left+0x27d/0x2a0 [test_kasan] [ 3858.175835] ? rcu_read_lock_sched_held+0x12/0x80 [ 3858.176409] ? rcu_read_lock_sched_held+0x12/0x80 [ 3858.176988] ? lock_acquire+0x4ea/0x620 [ 3858.177465] ? kasan_alloca_oob_right+0x290/0x290 [test_kasan] [ 3858.178168] ? rcu_read_lock_sched_held+0x12/0x80 [ 3858.178751] ? do_raw_spin_trylock+0xb5/0x180 [ 3858.179289] ? do_raw_spin_lock+0x270/0x270 [ 3858.179808] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3858.180481] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3858.181086] ? kunit_add_resource+0x197/0x280 [kunit] [ 3858.181708] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.182304] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3858.182922] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.183658] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3858.184278] kthread+0x2a4/0x350 [ 3858.184685] ? kthread_complete_and_exit+0x20/0x20 [ 3858.185270] ret_from_fork+0x1f/0x30 [ 3858.185728] [ 3858.186218] The buggy address belongs to stack of task kunit_try_catch/116207 [ 3858.187284] The buggy address belongs to the virtual mapping at [ffffc90001208000, ffffc90001211000) created by: dup_task_struct+0x5e/0x5a0 [ 3858.189305] The buggy address belongs to the physical page: [ 3858.189971] page:00000000f317a0b9 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1749a [ 3858.191073] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 3858.191844] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000 [ 3858.192766] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 3858.193684] page dumped because: kasan: bad access detected [ 3858.194689] Memory state around the buggy address: [ 3858.195305] ffffc9000120fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3858.196168] ffffc9000120fc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3858.197028] >ffffc9000120fd00: ca ca ca ca 00 02 cb cb cb cb cb cb 00 00 00 00 [ 3858.197889] ^ [ 3858.198377] ffffc9000120fd80: f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 00 00 00 00 00 [ 3858.199240] ffffc9000120fe00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 [ 3858.200108] ================================================================== [ 3858.201306] ok 35 - kasan_alloca_oob_left [ 3858.204109] ================================================================== [ 3858.205535] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 3858.206572] Read of size 1 at addr ffffc90002617d2a by task kunit_try_catch/116208 [ 3858.207685] CPU: 0 PID: 116208 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3858.209296] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3858.209998] Call Trace: [ 3858.210310] [ 3858.210587] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 3858.211298] dump_stack_lvl+0x57/0x81 [ 3858.211757] print_address_description.constprop.0+0x1f/0x1e0 [ 3858.212450] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 3858.213162] print_report.cold+0x5c/0x237 [ 3858.213658] kasan_report+0xc9/0x100 [ 3858.214104] ? kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 3858.214816] kasan_alloca_oob_right+0x275/0x290 [test_kasan] [ 3858.215510] ? rcu_read_lock_sched_held+0x12/0x80 [ 3858.216085] ? rcu_read_lock_sched_held+0x12/0x80 [ 3858.216663] ? lock_acquire+0x4ea/0x620 [ 3858.217138] ? ksize_unpoisons_memory+0x300/0x300 [test_kasan] [ 3858.217843] ? rcu_read_lock_sched_held+0x12/0x80 [ 3858.218419] ? do_raw_spin_trylock+0xb5/0x180 [ 3858.218960] ? do_raw_spin_lock+0x270/0x270 [ 3858.219475] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3858.220146] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3858.220754] ? kunit_add_resource+0x197/0x280 [kunit] [ 3858.221371] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.221971] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3858.222591] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.223323] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3858.223949] kthread+0x2a4/0x350 [ 3858.224355] ? kthread_complete_and_exit+0x20/0x20 [ 3858.224941] ret_from_fork+0x1f/0x30 [ 3858.225396] [ 3858.225945] The buggy address belongs to stack of task kunit_try_catch/116208 [ 3858.227052] The buggy address belongs to the virtual mapping at [ffffc90002610000, ffffc90002619000) created by: dup_task_struct+0x5e/0x5a0 [ 3858.229072] The buggy address belongs to the physical page: [ 3858.229742] page:000000000baabd95 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1723d [ 3858.230844] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 3858.231617] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000 [ 3858.232634] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 3858.233712] page dumped because: kasan: bad access detected [ 3858.234690] Memory state around the buggy address: [ 3858.235271] ffffc90002617c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3858.236133] ffffc90002617c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3858.236998] >ffffc90002617d00: ca ca ca ca 00 02 cb cb cb cb cb cb 00 00 00 00 [ 3858.237858] ^ [ 3858.238412] ffffc90002617d80: f1 f1 f1 f1 04 f2 00 f2 f2 f2 00 00 00 00 00 00 [ 3858.239273] ffffc90002617e00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 [ 3858.240133] ================================================================== [ 3858.241170] ok 36 - kasan_alloca_oob_right [ 3858.243059] ================================================================== [ 3858.244661] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 3858.245724] Read of size 1 at addr ffff888017735980 by task kunit_try_catch/116209 [ 3858.246835] CPU: 0 PID: 116209 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3858.248441] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3858.249137] Call Trace: [ 3858.249447] [ 3858.249728] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 3858.250437] dump_stack_lvl+0x57/0x81 [ 3858.250892] print_address_description.constprop.0+0x1f/0x1e0 [ 3858.251595] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 3858.252298] print_report.cold+0x5c/0x237 [ 3858.252795] kasan_report+0xc9/0x100 [ 3858.253241] ? ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 3858.253952] ksize_unpoisons_memory+0x2cf/0x300 [test_kasan] [ 3858.254643] ? ksize_uaf+0x4a0/0x4a0 [test_kasan] [ 3858.255221] ? do_raw_spin_trylock+0xb5/0x180 [ 3858.255762] ? do_raw_spin_lock+0x270/0x270 [ 3858.256274] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3858.256950] ? kunit_add_resource+0x197/0x280 [kunit] [ 3858.257577] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.258174] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3858.258792] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.259529] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3858.260153] kthread+0x2a4/0x350 [ 3858.260563] ? kthread_complete_and_exit+0x20/0x20 [ 3858.261146] ret_from_fork+0x1f/0x30 [ 3858.261602] [ 3858.262089] Allocated by task 116209: [ 3858.262624] kasan_save_stack+0x1e/0x40 [ 3858.263095] __kasan_kmalloc+0x81/0xa0 [ 3858.263561] ksize_unpoisons_memory+0x9a/0x300 [test_kasan] [ 3858.264229] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.264827] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.265567] kthread+0x2a4/0x350 [ 3858.265970] ret_from_fork+0x1f/0x30 [ 3858.266625] Last potentially related work creation: [ 3858.267224] kasan_save_stack+0x1e/0x40 [ 3858.267696] __kasan_record_aux_stack+0x96/0xb0 [ 3858.268252] kvfree_call_rcu+0x7d/0x840 [ 3858.268755] drop_sysctl_table+0x338/0x460 [ 3858.269332] unregister_sysctl_table+0x9c/0x180 [ 3858.269957] xfrm6_net_exit+0x5d/0x90 [ 3858.270495] ops_exit_list+0x99/0x170 [ 3858.270992] cleanup_net+0x42b/0x9a0 [ 3858.271435] process_one_work+0x8e2/0x1520 [ 3858.271985] worker_thread+0x59e/0xf90 [ 3858.272502] kthread+0x2a4/0x350 [ 3858.272952] ret_from_fork+0x1f/0x30 [ 3858.273684] The buggy address belongs to the object at ffff888017735900 which belongs to the cache kmalloc-128 of size 128 [ 3858.275208] The buggy address is located 0 bytes to the right of 128-byte region [ffff888017735900, ffff888017735980) [ 3858.276877] The buggy address belongs to the physical page: [ 3858.277546] page:0000000057c6309b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17735 [ 3858.278646] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3858.279467] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000418c0 [ 3858.280387] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3858.281301] page dumped because: kasan: bad access detected [ 3858.282273] Memory state around the buggy address: [ 3858.282924] ffff888017735880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3858.283889] ffff888017735900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3858.284847] >ffff888017735980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3858.285813] ^ [ 3858.286263] ffff888017735a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3858.287235] ffff888017735a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3858.288199] ================================================================== [ 3858.289524] ok 37 - ksize_unpoisons_memory [ 3858.292134] ================================================================== [ 3858.294079] BUG: KASAN: use-after-free in ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 3858.295035] Read of size 1 at addr ffff888017735a00 by task kunit_try_catch/116210 [ 3858.296281] CPU: 0 PID: 116210 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3858.298098] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3858.298877] Call Trace: [ 3858.299227] [ 3858.299539] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 3858.300185] dump_stack_lvl+0x57/0x81 [ 3858.300703] print_address_description.constprop.0+0x1f/0x1e0 [ 3858.301493] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 3858.302137] print_report.cold+0x5c/0x237 [ 3858.302699] kasan_report+0xc9/0x100 [ 3858.303197] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 3858.303844] ? ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 3858.304493] __kasan_check_byte+0x36/0x50 [ 3858.305044] ksize+0x1b/0x50 [ 3858.305467] ksize_uaf+0x1ad/0x4a0 [test_kasan] [ 3858.306092] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan] [ 3858.306791] ? do_raw_spin_trylock+0xb5/0x180 [ 3858.307395] ? do_raw_spin_lock+0x270/0x270 [ 3858.307978] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3858.308738] ? kunit_add_resource+0x197/0x280 [kunit] [ 3858.309438] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.310119] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3858.310811] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.311642] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3858.312339] kthread+0x2a4/0x350 [ 3858.312798] ? kthread_complete_and_exit+0x20/0x20 [ 3858.313458] ret_from_fork+0x1f/0x30 [ 3858.313965] [ 3858.314521] Allocated by task 116210: [ 3858.315026] kasan_save_stack+0x1e/0x40 [ 3858.315557] __kasan_kmalloc+0x81/0xa0 [ 3858.316073] ksize_uaf+0x9a/0x4a0 [test_kasan] [ 3858.316689] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.317351] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.318175] kthread+0x2a4/0x350 [ 3858.318634] ret_from_fork+0x1f/0x30 [ 3858.319362] Freed by task 116210: [ 3858.319824] kasan_save_stack+0x1e/0x40 [ 3858.320350] kasan_set_track+0x21/0x30 [ 3858.320883] kasan_set_free_info+0x20/0x40 [ 3858.321382] __kasan_slab_free+0x108/0x170 [ 3858.321951] slab_free_freelist_hook+0x11d/0x1d0 [ 3858.322711] kfree+0xe2/0x3c0 [ 3858.323107] ksize_uaf+0x137/0x4a0 [test_kasan] [ 3858.323720] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.324386] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.325147] kthread+0x2a4/0x350 [ 3858.325582] ret_from_fork+0x1f/0x30 [ 3858.326308] Last potentially related work creation: [ 3858.326943] kasan_save_stack+0x1e/0x40 [ 3858.327420] __kasan_record_aux_stack+0x96/0xb0 [ 3858.327983] kvfree_call_rcu+0x7d/0x840 [ 3858.328458] dma_resv_reserve_fences+0x35d/0x680 [ 3858.329025] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 3858.329657] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 3858.330284] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 3858.330865] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 3858.331556] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 3858.332324] process_one_work+0x8e2/0x1520 [ 3858.332825] worker_thread+0x59e/0xf90 [ 3858.333287] kthread+0x2a4/0x350 [ 3858.333728] ret_from_fork+0x1f/0x30 [ 3858.334462] The buggy address belongs to the object at ffff888017735a00 which belongs to the cache kmalloc-128 of size 128 [ 3858.335990] The buggy address is located 0 bytes inside of 128-byte region [ffff888017735a00, ffff888017735a80) [ 3858.337606] The buggy address belongs to the physical page: [ 3858.338353] page:0000000057c6309b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17735 [ 3858.339573] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3858.340391] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000418c0 [ 3858.341310] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3858.342234] page dumped because: kasan: bad access detected [ 3858.343103] Memory state around the buggy address: [ 3858.343682] ffff888017735900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3858.344579] ffff888017735980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3858.345436] >ffff888017735a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3858.346346] ^ [ 3858.346752] ffff888017735a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3858.347611] ffff888017735b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3858.348468] ================================================================== [ 3858.349504] ================================================================== [ 3858.350391] BUG: KASAN: use-after-free in ksize_uaf+0x47d/0x4a0 [test_kasan] [ 3858.351328] Read of size 1 at addr ffff888017735a00 by task kunit_try_catch/116210 [ 3858.352433] CPU: 0 PID: 116210 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3858.354167] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3858.354858] Call Trace: [ 3858.355168] [ 3858.355447] ? ksize_uaf+0x47d/0x4a0 [test_kasan] [ 3858.356024] dump_stack_lvl+0x57/0x81 [ 3858.356481] print_address_description.constprop.0+0x1f/0x1e0 [ 3858.357174] ? ksize_uaf+0x47d/0x4a0 [test_kasan] [ 3858.357762] print_report.cold+0x5c/0x237 [ 3858.358256] kasan_report+0xc9/0x100 [ 3858.358707] ? ksize_uaf+0x47d/0x4a0 [test_kasan] [ 3858.359283] ksize_uaf+0x47d/0x4a0 [test_kasan] [ 3858.359847] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan] [ 3858.360472] ? do_raw_spin_trylock+0xb5/0x180 [ 3858.361007] ? do_raw_spin_lock+0x270/0x270 [ 3858.361526] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3858.362198] ? kunit_add_resource+0x197/0x280 [kunit] [ 3858.362819] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.363414] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3858.364034] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.364822] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3858.365495] kthread+0x2a4/0x350 [ 3858.365899] ? kthread_complete_and_exit+0x20/0x20 [ 3858.366485] ret_from_fork+0x1f/0x30 [ 3858.366938] [ 3858.367426] Allocated by task 116210: [ 3858.367881] kasan_save_stack+0x1e/0x40 [ 3858.368350] __kasan_kmalloc+0x81/0xa0 [ 3858.368813] ksize_uaf+0x9a/0x4a0 [test_kasan] [ 3858.369360] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.370018] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.370841] kthread+0x2a4/0x350 [ 3858.371291] ret_from_fork+0x1f/0x30 [ 3858.372018] Freed by task 116210: [ 3858.372483] kasan_save_stack+0x1e/0x40 [ 3858.373007] kasan_set_track+0x21/0x30 [ 3858.373543] kasan_set_free_info+0x20/0x40 [ 3858.374102] __kasan_slab_free+0x108/0x170 [ 3858.374663] slab_free_freelist_hook+0x11d/0x1d0 [ 3858.375304] kfree+0xe2/0x3c0 [ 3858.375730] ksize_uaf+0x137/0x4a0 [test_kasan] [ 3858.376350] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.376981] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.377717] kthread+0x2a4/0x350 [ 3858.378120] ret_from_fork+0x1f/0x30 [ 3858.378769] Last potentially related work creation: [ 3858.379358] kasan_save_stack+0x1e/0x40 [ 3858.379832] __kasan_record_aux_stack+0x96/0xb0 [ 3858.380384] kvfree_call_rcu+0x7d/0x840 [ 3858.380856] dma_resv_reserve_fences+0x35d/0x680 [ 3858.381418] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 3858.382046] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 3858.382774] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 3858.383353] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 3858.384042] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 3858.384817] process_one_work+0x8e2/0x1520 [ 3858.385315] worker_thread+0x59e/0xf90 [ 3858.385778] kthread+0x2a4/0x350 [ 3858.386182] ret_from_fork+0x1f/0x30 [ 3858.386859] The buggy address belongs to the object at ffff888017735a00 which belongs to the cache kmalloc-128 of size 128 [ 3858.388487] The buggy address is located 0 bytes inside of 128-byte region [ffff888017735a00, ffff888017735a80) [ 3858.390230] The buggy address belongs to the physical page: [ 3858.390973] page:0000000057c6309b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17735 [ 3858.392196] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3858.393112] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000418c0 [ 3858.394088] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3858.395005] page dumped because: kasan: bad access detected [ 3858.395945] Memory state around the buggy address: [ 3858.396540] ffff888017735900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3858.397395] ffff888017735980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3858.398260] >ffff888017735a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3858.399114] ^ [ 3858.399518] ffff888017735a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3858.400373] ffff888017735b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3858.401324] ================================================================== [ 3858.402278] ================================================================== [ 3858.403142] BUG: KASAN: use-after-free in ksize_uaf+0x470/0x4a0 [test_kasan] [ 3858.403986] Read of size 1 at addr ffff888017735a78 by task kunit_try_catch/116210 [ 3858.405096] CPU: 0 PID: 116210 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3858.406702] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3858.407388] Call Trace: [ 3858.407701] [ 3858.407975] ? ksize_uaf+0x470/0x4a0 [test_kasan] [ 3858.408553] dump_stack_lvl+0x57/0x81 [ 3858.409007] print_address_description.constprop.0+0x1f/0x1e0 [ 3858.409709] ? ksize_uaf+0x470/0x4a0 [test_kasan] [ 3858.410283] print_report.cold+0x5c/0x237 [ 3858.410781] kasan_report+0xc9/0x100 [ 3858.411225] ? ksize_uaf+0x470/0x4a0 [test_kasan] [ 3858.411804] ksize_uaf+0x470/0x4a0 [test_kasan] [ 3858.412371] ? kmem_cache_oob+0x2e0/0x2e0 [test_kasan] [ 3858.413135] ? do_raw_spin_trylock+0xb5/0x180 [ 3858.413674] ? do_raw_spin_lock+0x270/0x270 [ 3858.414187] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3858.414859] ? kunit_add_resource+0x197/0x280 [kunit] [ 3858.415477] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.416069] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3858.416685] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.417426] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3858.418052] kthread+0x2a4/0x350 [ 3858.418460] ? kthread_complete_and_exit+0x20/0x20 [ 3858.419041] ret_from_fork+0x1f/0x30 [ 3858.419496] [ 3858.419984] Allocated by task 116210: [ 3858.420433] kasan_save_stack+0x1e/0x40 [ 3858.420908] __kasan_kmalloc+0x81/0xa0 [ 3858.421368] ksize_uaf+0x9a/0x4a0 [test_kasan] [ 3858.421921] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.422517] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.423249] kthread+0x2a4/0x350 [ 3858.423654] ret_from_fork+0x1f/0x30 [ 3858.424300] Freed by task 116210: [ 3858.424725] kasan_save_stack+0x1e/0x40 [ 3858.425195] kasan_set_track+0x21/0x30 [ 3858.425658] kasan_set_free_info+0x20/0x40 [ 3858.426157] __kasan_slab_free+0x108/0x170 [ 3858.426661] slab_free_freelist_hook+0x11d/0x1d0 [ 3858.427222] kfree+0xe2/0x3c0 [ 3858.427614] ksize_uaf+0x137/0x4a0 [test_kasan] [ 3858.428172] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.428768] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.429506] kthread+0x2a4/0x350 [ 3858.429907] ret_from_fork+0x1f/0x30 [ 3858.430556] Last potentially related work creation: [ 3858.431144] kasan_save_stack+0x1e/0x40 [ 3858.431617] __kasan_record_aux_stack+0x96/0xb0 [ 3858.432168] kvfree_call_rcu+0x7d/0x840 [ 3858.432640] dma_resv_reserve_fences+0x35d/0x680 [ 3858.433201] ttm_eu_reserve_buffers+0x42c/0x1070 [ttm] [ 3858.433827] qxl_release_reserve_list+0xe5/0x320 [qxl] [ 3858.434451] qxl_draw_dirty_fb+0x40e/0x1c70 [qxl] [ 3858.435027] qxl_framebuffer_surface_dirty+0x307/0x610 [qxl] [ 3858.435717] drm_fb_helper_damage_work+0x534/0x8c0 [drm_kms_helper] [ 3858.436483] process_one_work+0x8e2/0x1520 [ 3858.436980] worker_thread+0x59e/0xf90 [ 3858.437442] kthread+0x2a4/0x350 [ 3858.437844] ret_from_fork+0x1f/0x30 [ 3858.438494] The buggy address belongs to the object at ffff888017735a00 which belongs to the cache kmalloc-128 of size 128 [ 3858.439950] The buggy address is located 120 bytes inside of 128-byte region [ffff888017735a00, ffff888017735a80) [ 3858.441542] The buggy address belongs to the physical page: [ 3858.442303] page:0000000057c6309b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17735 [ 3858.443618] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3858.444438] raw: 000fffffc0000200 0000000000000000 dead000000000001 ffff8881000418c0 [ 3858.445352] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 3858.446269] page dumped because: kasan: bad access detected [ 3858.447151] Memory state around the buggy address: [ 3858.447734] ffff888017735900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3858.448591] ffff888017735980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3858.449455] >ffff888017735a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3858.450311] ^ [ 3858.451166] ffff888017735a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3858.452059] ffff888017735b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3858.452959] ================================================================== [ 3858.456255] ok 38 - ksize_uaf [ 3858.461326] ================================================================== [ 3858.462634] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x152/0x400 [ 3858.463750] CPU: 0 PID: 116211 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3858.465365] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3858.466061] Call Trace: [ 3858.466371] [ 3858.466650] dump_stack_lvl+0x57/0x81 [ 3858.467106] print_address_description.constprop.0+0x1f/0x1e0 [ 3858.467804] print_report.cold+0x5c/0x237 [ 3858.468296] ? kmem_cache_free+0x152/0x400 [ 3858.468821] ? kmem_cache_free+0x152/0x400 [ 3858.469379] kasan_report_invalid_free+0x99/0xc0 [ 3858.470017] ? kmem_cache_free+0x152/0x400 [ 3858.470583] ? kmem_cache_free+0x152/0x400 [ 3858.471140] __kasan_slab_free+0x152/0x170 [ 3858.471704] slab_free_freelist_hook+0x11d/0x1d0 [ 3858.472339] ? kmem_cache_double_free+0x1bd/0x280 [test_kasan] [ 3858.473292] kmem_cache_free+0x152/0x400 [ 3858.473846] kmem_cache_double_free+0x1bd/0x280 [test_kasan] [ 3858.474621] ? kmem_cache_invalid_free+0x280/0x280 [test_kasan] [ 3858.475382] ? do_raw_spin_trylock+0xb5/0x180 [ 3858.475922] ? do_raw_spin_lock+0x270/0x270 [ 3858.476442] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3858.477111] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3858.477715] ? kunit_add_resource+0x197/0x280 [kunit] [ 3858.478334] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.478935] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3858.479550] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.480284] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3858.485812] kthread+0x2a4/0x350 [ 3858.486227] ? kthread_complete_and_exit+0x20/0x20 [ 3858.486840] ret_from_fork+0x1f/0x30 [ 3858.487339] [ 3858.487849] Allocated by task 116211: [ 3858.488355] kasan_save_stack+0x1e/0x40 [ 3858.488885] __kasan_slab_alloc+0x66/0x80 [ 3858.489437] kmem_cache_alloc+0x161/0x310 [ 3858.489982] kmem_cache_double_free+0x123/0x280 [test_kasan] [ 3858.490762] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.491426] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.492255] kthread+0x2a4/0x350 [ 3858.492710] ret_from_fork+0x1f/0x30 [ 3858.493444] Freed by task 116211: [ 3858.493904] kasan_save_stack+0x1e/0x40 [ 3858.494438] kasan_set_track+0x21/0x30 [ 3858.494953] kasan_set_free_info+0x20/0x40 [ 3858.495518] __kasan_slab_free+0x108/0x170 [ 3858.496075] slab_free_freelist_hook+0x11d/0x1d0 [ 3858.496716] kmem_cache_free+0x152/0x400 [ 3858.497197] kmem_cache_double_free+0x144/0x280 [test_kasan] [ 3858.497889] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.498485] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.499221] kthread+0x2a4/0x350 [ 3858.499629] ret_from_fork+0x1f/0x30 [ 3858.500283] The buggy address belongs to the object at ffff888048ab5b58 which belongs to the cache test_cache of size 200 [ 3858.501831] The buggy address is located 0 bytes inside of 200-byte region [ffff888048ab5b58, ffff888048ab5c20) [ 3858.503570] The buggy address belongs to the physical page: [ 3858.504240] page:000000004f65d7a1 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x48ab5 [ 3858.505332] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3858.506149] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff88810ad51780 [ 3858.507067] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 3858.507978] page dumped because: kasan: bad access detected [ 3858.508846] Memory state around the buggy address: [ 3858.509423] ffff888048ab5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3858.510282] ffff888048ab5a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3858.511148] >ffff888048ab5b00: fc fc fc fc fc fc fc fc fc fc fc fa fb fb fb fb [ 3858.512006] ^ [ 3858.512734] ffff888048ab5b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3858.513593] ffff888048ab5c00: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 3858.514455] ================================================================== [ 3858.613705] ok 39 - kmem_cache_double_free [ 3858.616439] ================================================================== [ 3858.617886] BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x152/0x400 [ 3858.618998] CPU: 0 PID: 116212 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3858.620622] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3858.621313] Call Trace: [ 3858.621630] [ 3858.621906] dump_stack_lvl+0x57/0x81 [ 3858.622362] print_address_description.constprop.0+0x1f/0x1e0 [ 3858.623257] print_report.cold+0x5c/0x237 [ 3858.623755] ? kmem_cache_free+0x152/0x400 [ 3858.624258] ? kmem_cache_free+0x152/0x400 [ 3858.624744] kasan_report_invalid_free+0x99/0xc0 [ 3858.625288] ? kmem_cache_free+0x152/0x400 [ 3858.625800] ? kmem_cache_free+0x152/0x400 [ 3858.626297] __kasan_slab_free+0x152/0x170 [ 3858.626801] slab_free_freelist_hook+0x11d/0x1d0 [ 3858.627366] ? kmem_cache_invalid_free+0x1b6/0x280 [test_kasan] [ 3858.628083] kmem_cache_free+0x152/0x400 [ 3858.628571] kmem_cache_invalid_free+0x1b6/0x280 [test_kasan] [ 3858.629265] ? kmem_cache_double_destroy+0x250/0x250 [test_kasan] [ 3858.630002] ? do_raw_spin_trylock+0xb5/0x180 [ 3858.630615] ? do_raw_spin_lock+0x270/0x270 [ 3858.631157] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3858.631834] ? _raw_spin_unlock_irqrestore+0x42/0x70 [ 3858.632413] ? kunit_add_resource+0x197/0x280 [kunit] [ 3858.633054] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.633651] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3858.634265] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.634998] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3858.635623] kthread+0x2a4/0x350 [ 3858.636027] ? kthread_complete_and_exit+0x20/0x20 [ 3858.636617] ret_from_fork+0x1f/0x30 [ 3858.637071] [ 3858.637561] Allocated by task 116212: [ 3858.638008] kasan_save_stack+0x1e/0x40 [ 3858.638481] __kasan_slab_alloc+0x66/0x80 [ 3858.638967] kmem_cache_alloc+0x161/0x310 [ 3858.639458] kmem_cache_invalid_free+0x126/0x280 [test_kasan] [ 3858.640151] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.640761] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.641496] kthread+0x2a4/0x350 [ 3858.641899] ret_from_fork+0x1f/0x30 [ 3858.642548] The buggy address belongs to the object at ffff88800f1a9840 which belongs to the cache test_cache of size 200 [ 3858.643999] The buggy address is located 1 bytes inside of 200-byte region [ffff88800f1a9840, ffff88800f1a9908) [ 3858.645568] The buggy address belongs to the physical page: [ 3858.646233] page:00000000fad56823 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xf1a9 [ 3858.647317] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3858.648136] raw: 000fffffc0000200 0000000000000000 dead000000000122 ffff88810ad51640 [ 3858.649057] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 3858.649971] page dumped because: kasan: bad access detected [ 3858.650845] Memory state around the buggy address: [ 3858.651427] ffff88800f1a9700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3858.652336] ffff88800f1a9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3858.653442] >ffff88800f1a9800: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 3858.654320] ^ [ 3858.654957] ffff88800f1a9880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3858.655815] ffff88800f1a9900: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3858.656671] ================================================================== [ 3858.723032] ok 40 - kmem_cache_invalid_free [ 3858.726562] ================================================================== [ 3858.728027] BUG: KASAN: use-after-free in kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 3858.729052] Read of size 1 at addr ffff88810ad51c80 by task kunit_try_catch/116213 [ 3858.730183] CPU: 0 PID: 116213 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3858.731963] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3858.732657] Call Trace: [ 3858.732967] [ 3858.733239] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 3858.734055] dump_stack_lvl+0x57/0x81 [ 3858.734571] print_address_description.constprop.0+0x1f/0x1e0 [ 3858.735279] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 3858.736099] print_report.cold+0x5c/0x237 [ 3858.736654] kasan_report+0xc9/0x100 [ 3858.737098] ? kmem_cache_free+0x100/0x400 [ 3858.737600] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 3858.738337] ? kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 3858.739071] __kasan_check_byte+0x36/0x50 [ 3858.739564] kmem_cache_destroy+0x21/0x170 [ 3858.740067] kmem_cache_double_destroy+0x1a0/0x250 [test_kasan] [ 3858.740783] ? kmalloc_oob_right+0x510/0x510 [test_kasan] [ 3858.741514] ? do_raw_spin_trylock+0xb5/0x180 [ 3858.742116] ? do_raw_spin_lock+0x270/0x270 [ 3858.742843] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3858.743547] ? kunit_add_resource+0x197/0x280 [kunit] [ 3858.744163] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.744759] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3858.745370] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.746110] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3858.746740] kthread+0x2a4/0x350 [ 3858.747143] ? kthread_complete_and_exit+0x20/0x20 [ 3858.747725] ret_from_fork+0x1f/0x30 [ 3858.748175] [ 3858.748663] Allocated by task 116213: [ 3858.749112] kasan_save_stack+0x1e/0x40 [ 3858.749584] __kasan_slab_alloc+0x66/0x80 [ 3858.750069] kmem_cache_alloc+0x161/0x310 [ 3858.750556] kmem_cache_create_usercopy+0x1b9/0x310 [ 3858.751139] kmem_cache_create+0x12/0x20 [ 3858.751616] kmem_cache_double_destroy+0x8d/0x250 [test_kasan] [ 3858.752312] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.752906] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.753707] kthread+0x2a4/0x350 [ 3858.754160] ret_from_fork+0x1f/0x30 [ 3858.754838] Freed by task 116213: [ 3858.755279] kasan_save_stack+0x1e/0x40 [ 3858.755795] kasan_set_track+0x21/0x30 [ 3858.756309] kasan_set_free_info+0x20/0x40 [ 3858.756870] __kasan_slab_free+0x108/0x170 [ 3858.757390] slab_free_freelist_hook+0x11d/0x1d0 [ 3858.757993] kmem_cache_free+0x152/0x400 [ 3858.758529] kobject_cleanup+0x101/0x390 [ 3858.759077] kmem_cache_double_destroy+0x12a/0x250 [test_kasan] [ 3858.759791] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.760383] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.761113] kthread+0x2a4/0x350 [ 3858.761519] ret_from_fork+0x1f/0x30 [ 3858.762166] The buggy address belongs to the object at ffff88810ad51c80 which belongs to the cache kmem_cache of size 240 [ 3858.763614] The buggy address is located 0 bytes inside of 240-byte region [ffff88810ad51c80, ffff88810ad51d70) [ 3858.765277] The buggy address belongs to the physical page: [ 3858.766020] page:00000000eac92222 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10ad51 [ 3858.767133] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff) [ 3858.767960] raw: 0017ffffc0000200 0000000000000000 dead000000000122 ffff888100041000 [ 3858.768879] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000 [ 3858.769789] page dumped because: kasan: bad access detected [ 3858.770657] Memory state around the buggy address: [ 3858.771235] ffff88810ad51b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3858.772094] ffff88810ad51c00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 3858.773157] >ffff88810ad51c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3858.774015] ^ [ 3858.774416] ffff88810ad51d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 3858.775277] ffff88810ad51d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3858.776139] ================================================================== [ 3858.777306] ok 41 - kmem_cache_double_destroy [ 3858.779044] ok 42 - kasan_memchr # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n [ 3858.781057] ok 43 - kasan_memcmp # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n [ 3858.784024] ok 44 - kasan_strings # SKIP Test requires CONFIG_AMD_MEM_ENCRYPT=n [ 3858.786039] ================================================================== [ 3858.787854] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 3858.788949] Write of size 8 at addr ffff8880479e7b48 by task kunit_try_catch/116217 [ 3858.790067] CPU: 0 PID: 116217 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3858.791676] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3858.792366] Call Trace: [ 3858.792693] [ 3858.792957] ? kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 3858.793828] dump_stack_lvl+0x57/0x81 [ 3858.794338] print_address_description.constprop.0+0x1f/0x1e0 [ 3858.795118] ? kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 3858.795992] print_report.cold+0x5c/0x237 [ 3858.796548] kasan_report+0xc9/0x100 [ 3858.797044] ? kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 3858.797875] kasan_check_range+0xfd/0x1e0 [ 3858.798392] kasan_bitops_modify.constprop.0+0xff/0x850 [test_kasan] [ 3858.799161] ? kasan_test_init+0x50/0x50 [test_kasan] [ 3858.799805] ? kunit_kfree+0x200/0x200 [kunit] [ 3858.800376] ? rcu_read_lock_sched_held+0x12/0x80 [ 3858.800960] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3858.801631] ? rcu_read_lock_held+0x30/0x50 [ 3858.802138] ? trace_kmalloc+0x3c/0x100 [ 3858.802743] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3858.803337] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 3858.803987] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3858.804874] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3858.805565] ? kunit_add_resource+0x197/0x280 [kunit] [ 3858.806180] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.806777] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3858.807389] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.808127] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3858.808748] kthread+0x2a4/0x350 [ 3858.809150] ? kthread_complete_and_exit+0x20/0x20 [ 3858.809737] ret_from_fork+0x1f/0x30 [ 3858.810189] [ 3858.810680] Allocated by task 116217: [ 3858.811130] kasan_save_stack+0x1e/0x40 [ 3858.811601] __kasan_kmalloc+0x81/0xa0 [ 3858.812061] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3858.812717] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.813309] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.814044] kthread+0x2a4/0x350 [ 3858.814448] ret_from_fork+0x1f/0x30 [ 3858.815095] The buggy address belongs to the object at ffff8880479e7b40 which belongs to the cache kmalloc-16 of size 16 [ 3858.816532] The buggy address is located 8 bytes inside of 16-byte region [ffff8880479e7b40, ffff8880479e7b50) [ 3858.818078] The buggy address belongs to the physical page: [ 3858.818744] page:000000000ed2cf28 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x479e7 [ 3858.819833] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3858.820645] raw: 000fffffc0000200 ffffea00011fe3c0 dead000000000002 ffff8881000413c0 [ 3858.821562] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3858.822475] page dumped because: kasan: bad access detected [ 3858.823325] Memory state around the buggy address: [ 3858.823920] ffff8880479e7a00: fa fb fc fc fa fb fc fc fb fb fc fc fb fb fc fc [ 3858.824780] ffff8880479e7a80: fa fb fc fc fa fb fc fc fb fb fc fc 00 00 fc fc [ 3858.825646] >ffff8880479e7b00: 00 00 fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 3858.826503] ^ [ 3858.827165] ffff8880479e7b80: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3858.828022] ffff8880479e7c00: fb fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3858.828881] ================================================================== [ 3858.829815] ================================================================== [ 3858.830677] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 3858.831775] Write of size 8 at addr ffff8880479e7b48 by task kunit_try_catch/116217 [ 3858.833031] CPU: 0 PID: 116217 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3858.834637] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3858.835325] Call Trace: [ 3858.835638] [ 3858.835911] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 3858.836704] dump_stack_lvl+0x57/0x81 [ 3858.837154] print_address_description.constprop.0+0x1f/0x1e0 [ 3858.837851] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 3858.838641] print_report.cold+0x5c/0x237 [ 3858.839131] kasan_report+0xc9/0x100 [ 3858.839586] ? kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 3858.840350] kasan_check_range+0xfd/0x1e0 [ 3858.840860] kasan_bitops_modify.constprop.0+0x1a4/0x850 [test_kasan] [ 3858.841635] ? kasan_test_init+0x50/0x50 [test_kasan] [ 3858.842251] ? kunit_kfree+0x200/0x200 [kunit] [ 3858.842796] ? rcu_read_lock_sched_held+0x12/0x80 [ 3858.843368] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3858.844038] ? rcu_read_lock_held+0x30/0x50 [ 3858.844553] ? trace_kmalloc+0x3c/0x100 [ 3858.845036] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3858.845613] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 3858.846263] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3858.847149] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3858.847832] ? kunit_add_resource+0x197/0x280 [kunit] [ 3858.848450] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.849043] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3858.849657] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.850389] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3858.851012] kthread+0x2a4/0x350 [ 3858.851417] ? kthread_complete_and_exit+0x20/0x20 [ 3858.851999] ret_from_fork+0x1f/0x30 [ 3858.852453] [ 3858.852941] Allocated by task 116217: [ 3858.853388] kasan_save_stack+0x1e/0x40 [ 3858.853859] __kasan_kmalloc+0x81/0xa0 [ 3858.854318] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3858.854967] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.855593] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.856414] kthread+0x2a4/0x350 [ 3858.856872] ret_from_fork+0x1f/0x30 [ 3858.857522] The buggy address belongs to the object at ffff8880479e7b40 which belongs to the cache kmalloc-16 of size 16 [ 3858.858958] The buggy address is located 8 bytes inside of 16-byte region [ffff8880479e7b40, ffff8880479e7b50) [ 3858.860653] The buggy address belongs to the physical page: [ 3858.861391] page:000000000ed2cf28 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x479e7 [ 3858.862762] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3858.863584] raw: 000fffffc0000200 ffffea00011fe3c0 dead000000000002 ffff8881000413c0 [ 3858.864500] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3858.865449] page dumped because: kasan: bad access detected [ 3858.866429] Memory state around the buggy address: [ 3858.867076] ffff8880479e7a00: fa fb fc fc fa fb fc fc fb fb fc fc fb fb fc fc [ 3858.872620] ffff8880479e7a80: fa fb fc fc fa fb fc fc fb fb fc fc 00 00 fc fc [ 3858.873482] >ffff8880479e7b00: 00 00 fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 3858.874335] ^ [ 3858.874998] ffff8880479e7b80: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3858.875861] ffff8880479e7c00: fb fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3858.876719] ================================================================== [ 3858.877638] ================================================================== [ 3858.878499] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 3858.879600] Write of size 8 at addr ffff8880479e7b48 by task kunit_try_catch/116217 [ 3858.880713] CPU: 0 PID: 116217 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3858.882310] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3858.883004] Call Trace: [ 3858.883312] [ 3858.883588] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 3858.884372] dump_stack_lvl+0x57/0x81 [ 3858.884826] print_address_description.constprop.0+0x1f/0x1e0 [ 3858.885523] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 3858.886304] print_report.cold+0x5c/0x237 [ 3858.886796] kasan_report+0xc9/0x100 [ 3858.887237] ? kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 3858.888089] kasan_check_range+0xfd/0x1e0 [ 3858.888640] kasan_bitops_modify.constprop.0+0x24d/0x850 [test_kasan] [ 3858.889510] ? kasan_test_init+0x50/0x50 [test_kasan] [ 3858.890194] ? kunit_kfree+0x200/0x200 [kunit] [ 3858.890813] ? rcu_read_lock_sched_held+0x12/0x80 [ 3858.891424] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3858.892186] ? rcu_read_lock_held+0x30/0x50 [ 3858.892898] ? trace_kmalloc+0x3c/0x100 [ 3858.893432] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3858.894076] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 3858.894727] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3858.895610] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3858.896297] ? kunit_add_resource+0x197/0x280 [kunit] [ 3858.896913] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.897509] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3858.898121] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.898851] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3858.899474] kthread+0x2a4/0x350 [ 3858.899876] ? kthread_complete_and_exit+0x20/0x20 [ 3858.900462] ret_from_fork+0x1f/0x30 [ 3858.900914] [ 3858.901407] Allocated by task 116217: [ 3858.901857] kasan_save_stack+0x1e/0x40 [ 3858.902325] __kasan_kmalloc+0x81/0xa0 [ 3858.902786] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3858.903437] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.904029] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.904762] kthread+0x2a4/0x350 [ 3858.905162] ret_from_fork+0x1f/0x30 [ 3858.905809] The buggy address belongs to the object at ffff8880479e7b40 which belongs to the cache kmalloc-16 of size 16 [ 3858.907241] The buggy address is located 8 bytes inside of 16-byte region [ffff8880479e7b40, ffff8880479e7b50) [ 3858.908787] The buggy address belongs to the physical page: [ 3858.909457] page:000000000ed2cf28 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x479e7 [ 3858.910546] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3858.911362] raw: 000fffffc0000200 ffffea00011fe3c0 dead000000000002 ffff8881000413c0 [ 3858.912279] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3858.913194] page dumped because: kasan: bad access detected [ 3858.914060] Memory state around the buggy address: [ 3858.914638] ffff8880479e7a00: fa fb fc fc fa fb fc fc fb fb fc fc fb fb fc fc [ 3858.915496] ffff8880479e7a80: fa fb fc fc fa fb fc fc fb fb fc fc 00 00 fc fc [ 3858.916350] >ffff8880479e7b00: 00 00 fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 3858.917209] ^ [ 3858.917872] ffff8880479e7b80: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3858.918764] ffff8880479e7c00: fb fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3858.919683] ================================================================== [ 3858.920595] ================================================================== [ 3858.921458] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 3858.922559] Write of size 8 at addr ffff8880479e7b48 by task kunit_try_catch/116217 [ 3858.923813] CPU: 0 PID: 116217 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3858.925418] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3858.926102] Call Trace: [ 3858.926414] [ 3858.926687] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 3858.927480] dump_stack_lvl+0x57/0x81 [ 3858.927931] print_address_description.constprop.0+0x1f/0x1e0 [ 3858.928627] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 3858.929417] print_report.cold+0x5c/0x237 [ 3858.929908] kasan_report+0xc9/0x100 [ 3858.930351] ? kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 3858.931139] kasan_check_range+0xfd/0x1e0 [ 3858.931632] kasan_bitops_modify.constprop.0+0x2f2/0x850 [test_kasan] [ 3858.932402] ? kasan_test_init+0x50/0x50 [test_kasan] [ 3858.933018] ? kunit_kfree+0x200/0x200 [kunit] [ 3858.933566] ? rcu_read_lock_sched_held+0x12/0x80 [ 3858.934141] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3858.934810] ? rcu_read_lock_held+0x30/0x50 [ 3858.935317] ? trace_kmalloc+0x3c/0x100 [ 3858.935790] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3858.936365] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 3858.937017] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3858.937902] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3858.938587] ? kunit_add_resource+0x197/0x280 [kunit] [ 3858.939204] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.939800] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3858.940416] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.941148] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3858.941771] kthread+0x2a4/0x350 [ 3858.942173] ? kthread_complete_and_exit+0x20/0x20 [ 3858.942756] ret_from_fork+0x1f/0x30 [ 3858.943211] [ 3858.943700] Allocated by task 116217: [ 3858.944146] kasan_save_stack+0x1e/0x40 [ 3858.944617] __kasan_kmalloc+0x81/0xa0 [ 3858.945077] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3858.945727] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.946320] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.947049] kthread+0x2a4/0x350 [ 3858.947457] ret_from_fork+0x1f/0x30 [ 3858.948104] The buggy address belongs to the object at ffff8880479e7b40 which belongs to the cache kmalloc-16 of size 16 [ 3858.949645] The buggy address is located 8 bytes inside of 16-byte region [ffff8880479e7b40, ffff8880479e7b50) [ 3858.951301] The buggy address belongs to the physical page: [ 3858.951961] page:000000000ed2cf28 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x479e7 [ 3858.953210] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3858.954028] raw: 000fffffc0000200 ffffea00011fe3c0 dead000000000002 ffff8881000413c0 [ 3858.954942] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3858.955858] page dumped because: kasan: bad access detected [ 3858.956727] Memory state around the buggy address: [ 3858.957307] ffff8880479e7a00: fa fb fc fc fa fb fc fc fb fb fc fc fb fb fc fc [ 3858.958167] ffff8880479e7a80: fa fb fc fc fa fb fc fc fb fb fc fc 00 00 fc fc [ 3858.959023] >ffff8880479e7b00: 00 00 fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 3858.959881] ^ [ 3858.960543] ffff8880479e7b80: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3858.961400] ffff8880479e7c00: fb fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3858.962253] ================================================================== [ 3858.963125] ================================================================== [ 3858.963985] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 3858.965081] Write of size 8 at addr ffff8880479e7b48 by task kunit_try_catch/116217 [ 3858.966193] CPU: 0 PID: 116217 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3858.967793] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3858.968480] Call Trace: [ 3858.968822] [ 3858.969125] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 3858.970005] dump_stack_lvl+0x57/0x81 [ 3858.970514] print_address_description.constprop.0+0x1f/0x1e0 [ 3858.971289] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 3858.972167] print_report.cold+0x5c/0x237 [ 3858.972718] kasan_report+0xc9/0x100 [ 3858.973214] ? kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 3858.974095] kasan_check_range+0xfd/0x1e0 [ 3858.974642] kasan_bitops_modify.constprop.0+0x39b/0x850 [test_kasan] [ 3858.975485] ? kasan_test_init+0x50/0x50 [test_kasan] [ 3858.976108] ? kunit_kfree+0x200/0x200 [kunit] [ 3858.976655] ? rcu_read_lock_sched_held+0x12/0x80 [ 3858.977227] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3858.977896] ? rcu_read_lock_held+0x30/0x50 [ 3858.978405] ? trace_kmalloc+0x3c/0x100 [ 3858.978876] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3858.979474] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 3858.980134] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3858.981017] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3858.981752] ? kunit_add_resource+0x197/0x280 [kunit] [ 3858.982447] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.983232] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3858.983846] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.984577] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3858.985194] kthread+0x2a4/0x350 [ 3858.985601] ? kthread_complete_and_exit+0x20/0x20 [ 3858.986179] ret_from_fork+0x1f/0x30 [ 3858.986636] [ 3858.987121] Allocated by task 116217: [ 3858.987573] kasan_save_stack+0x1e/0x40 [ 3858.988105] __kasan_kmalloc+0x81/0xa0 [ 3858.988624] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3858.989344] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3858.990014] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3858.990774] kthread+0x2a4/0x350 [ 3858.991175] ret_from_fork+0x1f/0x30 [ 3858.991844] The buggy address belongs to the object at ffff8880479e7b40 which belongs to the cache kmalloc-16 of size 16 [ 3858.993456] The buggy address is located 8 bytes inside of 16-byte region [ffff8880479e7b40, ffff8880479e7b50) [ 3858.995171] The buggy address belongs to the physical page: [ 3858.995837] page:000000000ed2cf28 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x479e7 [ 3858.996931] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3858.997747] raw: 000fffffc0000200 ffffea00011fe3c0 dead000000000002 ffff8881000413c0 [ 3858.998660] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3858.999572] page dumped because: kasan: bad access detected [ 3859.000440] Memory state around the buggy address: [ 3859.001020] ffff8880479e7a00: fa fb fc fc fa fb fc fc fb fb fc fc fb fb fc fc [ 3859.001878] ffff8880479e7a80: fa fb fc fc fa fb fc fc fb fb fc fc 00 00 fc fc [ 3859.002736] >ffff8880479e7b00: 00 00 fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 3859.003596] ^ [ 3859.004257] ffff8880479e7b80: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.005117] ffff8880479e7c00: fb fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.005977] ================================================================== [ 3859.006854] ================================================================== [ 3859.007715] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 3859.008810] Write of size 8 at addr ffff8880479e7b48 by task kunit_try_catch/116217 [ 3859.009992] CPU: 0 PID: 116217 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3859.011631] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3859.012314] Call Trace: [ 3859.012789] [ 3859.013074] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 3859.013862] dump_stack_lvl+0x57/0x81 [ 3859.014311] print_address_description.constprop.0+0x1f/0x1e0 [ 3859.015005] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 3859.015795] print_report.cold+0x5c/0x237 [ 3859.016285] kasan_report+0xc9/0x100 [ 3859.016728] ? kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 3859.017515] kasan_check_range+0xfd/0x1e0 [ 3859.018003] kasan_bitops_modify.constprop.0+0x440/0x850 [test_kasan] [ 3859.018776] ? kasan_test_init+0x50/0x50 [test_kasan] [ 3859.019395] ? kunit_kfree+0x200/0x200 [kunit] [ 3859.019941] ? rcu_read_lock_sched_held+0x12/0x80 [ 3859.020517] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3859.021185] ? rcu_read_lock_held+0x30/0x50 [ 3859.021693] ? trace_kmalloc+0x3c/0x100 [ 3859.022160] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3859.022734] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 3859.023381] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3859.024261] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3859.024948] ? kunit_add_resource+0x197/0x280 [kunit] [ 3859.025581] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.026170] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3859.026781] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.027513] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3859.028132] kthread+0x2a4/0x350 [ 3859.028537] ? kthread_complete_and_exit+0x20/0x20 [ 3859.029119] ret_from_fork+0x1f/0x30 [ 3859.029573] [ 3859.030058] Allocated by task 116217: [ 3859.030506] kasan_save_stack+0x1e/0x40 [ 3859.030971] __kasan_kmalloc+0x81/0xa0 [ 3859.031430] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3859.032073] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.032683] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.033484] kthread+0x2a4/0x350 [ 3859.033884] ret_from_fork+0x1f/0x30 [ 3859.034534] The buggy address belongs to the object at ffff8880479e7b40 which belongs to the cache kmalloc-16 of size 16 [ 3859.035963] The buggy address is located 8 bytes inside of 16-byte region [ffff8880479e7b40, ffff8880479e7b50) [ 3859.037506] The buggy address belongs to the physical page: [ 3859.038168] page:000000000ed2cf28 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x479e7 [ 3859.039253] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3859.040070] raw: 000fffffc0000200 ffffea00011fe3c0 dead000000000002 ffff8881000413c0 [ 3859.040982] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3859.041935] page dumped because: kasan: bad access detected [ 3859.043046] Memory state around the buggy address: [ 3859.043705] ffff8880479e7a00: fa fb fc fc fa fb fc fc fb fb fc fc fb fb fc fc [ 3859.044564] ffff8880479e7a80: fa fb fc fc fa fb fc fc fb fb fc fc 00 00 fc fc [ 3859.045423] >ffff8880479e7b00: 00 00 fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 3859.046281] ^ [ 3859.046941] ffff8880479e7b80: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.047795] ffff8880479e7c00: fb fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.048707] ================================================================== [ 3859.049576] ================================================================== [ 3859.050434] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 3859.051526] Write of size 8 at addr ffff8880479e7b48 by task kunit_try_catch/116217 [ 3859.052637] CPU: 0 PID: 116217 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3859.054234] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3859.054996] Call Trace: [ 3859.055342] [ 3859.055655] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 3859.056444] dump_stack_lvl+0x57/0x81 [ 3859.056900] print_address_description.constprop.0+0x1f/0x1e0 [ 3859.057595] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 3859.058377] print_report.cold+0x5c/0x237 [ 3859.058873] kasan_report+0xc9/0x100 [ 3859.059318] ? kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 3859.060107] kasan_check_range+0xfd/0x1e0 [ 3859.060601] kasan_bitops_modify.constprop.0+0x4e9/0x850 [test_kasan] [ 3859.061368] ? kasan_test_init+0x50/0x50 [test_kasan] [ 3859.061983] ? kunit_kfree+0x200/0x200 [kunit] [ 3859.062532] ? rcu_read_lock_sched_held+0x12/0x80 [ 3859.063108] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3859.063838] ? rcu_read_lock_held+0x30/0x50 [ 3859.064408] ? trace_kmalloc+0x3c/0x100 [ 3859.064935] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3859.065547] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 3859.066193] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3859.067172] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3859.067943] ? kunit_add_resource+0x197/0x280 [kunit] [ 3859.068634] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.069302] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3859.069990] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.070812] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3859.071512] kthread+0x2a4/0x350 [ 3859.071964] ? kthread_complete_and_exit+0x20/0x20 [ 3859.072766] ret_from_fork+0x1f/0x30 [ 3859.073271] [ 3859.073821] Allocated by task 116217: [ 3859.074321] kasan_save_stack+0x1e/0x40 [ 3859.074848] __kasan_kmalloc+0x81/0xa0 [ 3859.075357] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3859.076087] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.076751] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.077572] kthread+0x2a4/0x350 [ 3859.078030] ret_from_fork+0x1f/0x30 [ 3859.078731] The buggy address belongs to the object at ffff8880479e7b40 which belongs to the cache kmalloc-16 of size 16 [ 3859.080264] The buggy address is located 8 bytes inside of 16-byte region [ffff8880479e7b40, ffff8880479e7b50) [ 3859.081816] The buggy address belongs to the physical page: [ 3859.082544] page:000000000ed2cf28 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x479e7 [ 3859.083743] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3859.084560] raw: 000fffffc0000200 ffffea00011fe3c0 dead000000000002 ffff8881000413c0 [ 3859.085474] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3859.086388] page dumped because: kasan: bad access detected [ 3859.087253] Memory state around the buggy address: [ 3859.087863] ffff8880479e7a00: fa fb fc fc fa fb fc fc fb fb fc fc fb fb fc fc [ 3859.088824] ffff8880479e7a80: fa fb fc fc fa fb fc fc fb fb fc fc 00 00 fc fc [ 3859.089782] >ffff8880479e7b00: 00 00 fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 3859.090743] ^ [ 3859.091492] ffff8880479e7b80: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.092413] ffff8880479e7c00: fb fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.093352] ================================================================== [ 3859.094331] ================================================================== [ 3859.095297] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 3859.096528] Write of size 8 at addr ffff8880479e7b48 by task kunit_try_catch/116217 [ 3859.097780] CPU: 0 PID: 116217 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3859.099578] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3859.100347] Call Trace: [ 3859.100699] [ 3859.101005] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 3859.101894] dump_stack_lvl+0x57/0x81 [ 3859.102407] print_address_description.constprop.0+0x1f/0x1e0 [ 3859.103358] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 3859.104247] print_report.cold+0x5c/0x237 [ 3859.104801] kasan_report+0xc9/0x100 [ 3859.105303] ? kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 3859.106189] kasan_check_range+0xfd/0x1e0 [ 3859.106743] kasan_bitops_modify.constprop.0+0x58e/0x850 [test_kasan] [ 3859.107613] ? kasan_test_init+0x50/0x50 [test_kasan] [ 3859.108301] ? kunit_kfree+0x200/0x200 [kunit] [ 3859.108916] ? rcu_read_lock_sched_held+0x12/0x80 [ 3859.109563] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3859.110308] ? rcu_read_lock_held+0x30/0x50 [ 3859.110883] ? trace_kmalloc+0x3c/0x100 [ 3859.111415] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3859.112018] kasan_bitops_generic+0xfa/0x164 [test_kasan] [ 3859.112724] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3859.113718] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3859.114490] ? kunit_add_resource+0x197/0x280 [kunit] [ 3859.115179] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.115846] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3859.116565] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.117386] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3859.118078] kthread+0x2a4/0x350 [ 3859.118535] ? kthread_complete_and_exit+0x20/0x20 [ 3859.119186] ret_from_fork+0x1f/0x30 [ 3859.119698] [ 3859.120240] Allocated by task 116217: [ 3859.120722] kasan_save_stack+0x1e/0x40 [ 3859.121191] __kasan_kmalloc+0x81/0xa0 [ 3859.121704] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3859.122435] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.123093] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.123910] kthread+0x2a4/0x350 [ 3859.124313] ret_from_fork+0x1f/0x30 [ 3859.125039] The buggy address belongs to the object at ffff8880479e7b40 which belongs to the cache kmalloc-16 of size 16 [ 3859.126623] The buggy address is located 8 bytes inside of 16-byte region [ffff8880479e7b40, ffff8880479e7b50) [ 3859.128199] The buggy address belongs to the physical page: [ 3859.128864] page:000000000ed2cf28 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x479e7 [ 3859.130039] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3859.130947] raw: 000fffffc0000200 ffffea00011fe3c0 dead000000000002 ffff8881000413c0 [ 3859.131896] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3859.133054] page dumped because: kasan: bad access detected [ 3859.134026] Memory state around the buggy address: [ 3859.134607] ffff8880479e7a00: fa fb fc fc fa fb fc fc fb fb fc fc fb fb fc fc [ 3859.135471] ffff8880479e7a80: fa fb fc fc fa fb fc fc fb fb fc fc 00 00 fc fc [ 3859.136323] >ffff8880479e7b00: 00 00 fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 3859.137289] ^ [ 3859.137990] ffff8880479e7b80: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.138848] ffff8880479e7c00: fb fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.139709] ================================================================== [ 3859.140584] ================================================================== [ 3859.141446] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 3859.142621] Write of size 8 at addr ffff8880479e7b48 by task kunit_try_catch/116217 [ 3859.143735] CPU: 0 PID: 116217 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3859.145338] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3859.146028] Call Trace: [ 3859.146342] [ 3859.146620] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 3859.147490] dump_stack_lvl+0x57/0x81 [ 3859.147941] print_address_description.constprop.0+0x1f/0x1e0 [ 3859.148637] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 3859.149510] print_report.cold+0x5c/0x237 [ 3859.150035] kasan_report+0xc9/0x100 [ 3859.150535] ? kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 3859.151464] kasan_check_range+0xfd/0x1e0 [ 3859.151953] kasan_bitops_test_and_modify.constprop.0+0xff/0x990 [test_kasan] [ 3859.152817] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 3859.153613] ? kunit_kfree+0x200/0x200 [kunit] [ 3859.154160] ? rcu_read_lock_sched_held+0x12/0x80 [ 3859.154739] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3859.155413] ? rcu_read_lock_held+0x30/0x50 [ 3859.155922] ? trace_kmalloc+0x3c/0x100 [ 3859.156398] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3859.156973] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 3859.157635] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3859.158520] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3859.159206] ? kunit_add_resource+0x197/0x280 [kunit] [ 3859.159826] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.160423] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3859.161031] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.161766] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3859.162949] kthread+0x2a4/0x350 [ 3859.164464] ? kthread_complete_and_exit+0x20/0x20 [ 3859.166578] ret_from_fork+0x1f/0x30 [ 3859.168196] [ 3859.169944] Allocated by task 116217: [ 3859.171562] kasan_save_stack+0x1e/0x40 [ 3859.173243] __kasan_kmalloc+0x81/0xa0 [ 3859.174897] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3859.176316] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.177197] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.178277] kthread+0x2a4/0x350 [ 3859.178879] ret_from_fork+0x1f/0x30 [ 3859.179835] The buggy address belongs to the object at ffff8880479e7b40 which belongs to the cache kmalloc-16 of size 16 [ 3859.181960] The buggy address is located 8 bytes inside of 16-byte region [ffff8880479e7b40, ffff8880479e7b50) [ 3859.184255] The buggy address belongs to the physical page: [ 3859.185236] page:000000000ed2cf28 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x479e7 [ 3859.186512] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3859.187388] raw: 000fffffc0000200 ffffea00011fe3c0 dead000000000002 ffff8881000413c0 [ 3859.188376] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3859.189407] page dumped because: kasan: bad access detected [ 3859.190330] Memory state around the buggy address: [ 3859.190956] ffff8880479e7a00: fa fb fc fc fa fb fc fc fb fb fc fc fb fb fc fc [ 3859.191875] ffff8880479e7a80: fa fb fc fc fa fb fc fc fb fb fc fc 00 00 fc fc [ 3859.192965] >ffff8880479e7b00: 00 00 fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 3859.193885] ^ [ 3859.194595] ffff8880479e7b80: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.195550] ffff8880479e7c00: fb fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.196469] ================================================================== [ 3859.197538] ================================================================== [ 3859.198485] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 3859.199756] Write of size 8 at addr ffff8880479e7b48 by task kunit_try_catch/116217 [ 3859.200945] CPU: 0 PID: 116217 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3859.202669] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3859.203403] Call Trace: [ 3859.203743] [ 3859.204042] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 3859.204988] dump_stack_lvl+0x57/0x81 [ 3859.205477] print_address_description.constprop.0+0x1f/0x1e0 [ 3859.206217] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 3859.207158] print_report.cold+0x5c/0x237 [ 3859.207683] kasan_report+0xc9/0x100 [ 3859.208151] ? kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 3859.209093] kasan_check_range+0xfd/0x1e0 [ 3859.209622] kasan_bitops_test_and_modify.constprop.0+0x1a9/0x990 [test_kasan] [ 3859.210543] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 3859.211391] ? kunit_kfree+0x200/0x200 [kunit] [ 3859.211997] ? rcu_read_lock_sched_held+0x12/0x80 [ 3859.212625] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3859.213338] ? rcu_read_lock_held+0x30/0x50 [ 3859.213896] ? trace_kmalloc+0x3c/0x100 [ 3859.214416] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3859.215031] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 3859.215738] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3859.216684] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3859.217437] ? kunit_add_resource+0x197/0x280 [kunit] [ 3859.218091] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.218728] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3859.219382] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.220185] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3859.220929] kthread+0x2a4/0x350 [ 3859.221408] ? kthread_complete_and_exit+0x20/0x20 [ 3859.222031] ret_from_fork+0x1f/0x30 [ 3859.222534] [ 3859.223213] Allocated by task 116217: [ 3859.223699] kasan_save_stack+0x1e/0x40 [ 3859.224196] __kasan_kmalloc+0x81/0xa0 [ 3859.224689] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3859.225389] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.226018] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.226795] kthread+0x2a4/0x350 [ 3859.227219] ret_from_fork+0x1f/0x30 [ 3859.227915] The buggy address belongs to the object at ffff8880479e7b40 which belongs to the cache kmalloc-16 of size 16 [ 3859.229445] The buggy address is located 8 bytes inside of 16-byte region [ffff8880479e7b40, ffff8880479e7b50) [ 3859.231110] The buggy address belongs to the physical page: [ 3859.231823] page:000000000ed2cf28 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x479e7 [ 3859.233142] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3859.234011] raw: 000fffffc0000200 ffffea00011fe3c0 dead000000000002 ffff8881000413c0 [ 3859.235022] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3859.235999] page dumped because: kasan: bad access detected [ 3859.236956] Memory state around the buggy address: [ 3859.237579] ffff8880479e7a00: fa fb fc fc fa fb fc fc fb fb fc fc fb fb fc fc [ 3859.238523] ffff8880479e7a80: fa fb fc fc fa fb fc fc fb fb fc fc 00 00 fc fc [ 3859.239438] >ffff8880479e7b00: 00 00 fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 3859.240351] ^ [ 3859.241062] ffff8880479e7b80: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.241983] ffff8880479e7c00: fb fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.242904] ================================================================== [ 3859.243837] ================================================================== [ 3859.244773] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 3859.246053] Write of size 8 at addr ffff8880479e7b48 by task kunit_try_catch/116217 [ 3859.247247] CPU: 0 PID: 116217 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3859.248952] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3859.249771] Call Trace: [ 3859.250143] [ 3859.250438] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 3859.251377] dump_stack_lvl+0x57/0x81 [ 3859.251872] print_address_description.constprop.0+0x1f/0x1e0 [ 3859.252784] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 3859.253736] print_report.cold+0x5c/0x237 [ 3859.254262] kasan_report+0xc9/0x100 [ 3859.254736] ? kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 3859.263221] kasan_check_range+0xfd/0x1e0 [ 3859.263823] kasan_bitops_test_and_modify.constprop.0+0x252/0x990 [test_kasan] [ 3859.264669] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 3859.265491] ? kunit_kfree+0x200/0x200 [kunit] [ 3859.266043] ? rcu_read_lock_sched_held+0x12/0x80 [ 3859.266663] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3859.267335] ? rcu_read_lock_held+0x30/0x50 [ 3859.267852] ? trace_kmalloc+0x3c/0x100 [ 3859.268334] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3859.268962] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 3859.269683] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3859.270608] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3859.271301] ? kunit_add_resource+0x197/0x280 [kunit] [ 3859.271946] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.272557] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3859.273188] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.273929] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3859.274555] kthread+0x2a4/0x350 [ 3859.274966] ? kthread_complete_and_exit+0x20/0x20 [ 3859.275556] ret_from_fork+0x1f/0x30 [ 3859.276022] [ 3859.276517] Allocated by task 116217: [ 3859.276973] kasan_save_stack+0x1e/0x40 [ 3859.277458] __kasan_kmalloc+0x81/0xa0 [ 3859.277902] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3859.278536] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.279109] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.279843] kthread+0x2a4/0x350 [ 3859.280286] ret_from_fork+0x1f/0x30 [ 3859.281026] The buggy address belongs to the object at ffff8880479e7b40 which belongs to the cache kmalloc-16 of size 16 [ 3859.282701] The buggy address is located 8 bytes inside of 16-byte region [ffff8880479e7b40, ffff8880479e7b50) [ 3859.284275] The buggy address belongs to the physical page: [ 3859.284961] page:000000000ed2cf28 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x479e7 [ 3859.286062] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3859.286890] raw: 000fffffc0000200 ffffea00011fe3c0 dead000000000002 ffff8881000413c0 [ 3859.287813] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3859.288735] page dumped because: kasan: bad access detected [ 3859.289616] Memory state around the buggy address: [ 3859.290213] ffff8880479e7a00: fa fb fc fc fa fb fc fc fb fb fc fc fb fb fc fc [ 3859.291081] ffff8880479e7a80: fa fb fc fc fa fb fc fc fb fb fc fc 00 00 fc fc [ 3859.291964] >ffff8880479e7b00: 00 00 fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 3859.292834] ^ [ 3859.293506] ffff8880479e7b80: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.294371] ffff8880479e7c00: fb fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.295259] ================================================================== [ 3859.296292] ================================================================== [ 3859.297162] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 3859.298383] Write of size 8 at addr ffff8880479e7b48 by task kunit_try_catch/116217 [ 3859.299510] CPU: 0 PID: 116217 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3859.301133] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3859.301834] Call Trace: [ 3859.302162] [ 3859.302441] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 3859.303353] dump_stack_lvl+0x57/0x81 [ 3859.303830] print_address_description.constprop.0+0x1f/0x1e0 [ 3859.304534] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 3859.305423] print_report.cold+0x5c/0x237 [ 3859.305932] kasan_report+0xc9/0x100 [ 3859.306383] ? kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 3859.307275] kasan_check_range+0xfd/0x1e0 [ 3859.307785] kasan_bitops_test_and_modify.constprop.0+0x2fc/0x990 [test_kasan] [ 3859.308656] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 3859.309460] ? kunit_kfree+0x200/0x200 [kunit] [ 3859.310011] ? rcu_read_lock_sched_held+0x12/0x80 [ 3859.310590] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3859.311262] ? rcu_read_lock_held+0x30/0x50 [ 3859.311795] ? trace_kmalloc+0x3c/0x100 [ 3859.312268] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3859.313018] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 3859.313685] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3859.314580] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3859.315265] ? kunit_add_resource+0x197/0x280 [kunit] [ 3859.315891] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.316501] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3859.317119] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.317859] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3859.318488] kthread+0x2a4/0x350 [ 3859.318901] ? kthread_complete_and_exit+0x20/0x20 [ 3859.319498] ret_from_fork+0x1f/0x30 [ 3859.319958] [ 3859.320456] Allocated by task 116217: [ 3859.320909] kasan_save_stack+0x1e/0x40 [ 3859.321389] __kasan_kmalloc+0x81/0xa0 [ 3859.321834] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3859.322469] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.323072] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.323814] kthread+0x2a4/0x350 [ 3859.324280] ret_from_fork+0x1f/0x30 [ 3859.324967] The buggy address belongs to the object at ffff8880479e7b40 which belongs to the cache kmalloc-16 of size 16 [ 3859.326384] The buggy address is located 8 bytes inside of 16-byte region [ffff8880479e7b40, ffff8880479e7b50) [ 3859.327960] The buggy address belongs to the physical page: [ 3859.328635] page:000000000ed2cf28 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x479e7 [ 3859.329735] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3859.330545] raw: 000fffffc0000200 ffffea00011fe3c0 dead000000000002 ffff8881000413c0 [ 3859.331486] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3859.332408] page dumped because: kasan: bad access detected [ 3859.333282] Memory state around the buggy address: [ 3859.333848] ffff8880479e7a00: fa fb fc fc fa fb fc fc fb fb fc fc fb fb fc fc [ 3859.334716] ffff8880479e7a80: fa fb fc fc fa fb fc fc fb fb fc fc 00 00 fc fc [ 3859.335582] >ffff8880479e7b00: 00 00 fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 3859.336452] ^ [ 3859.337096] ffff8880479e7b80: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.337957] ffff8880479e7c00: fb fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.338820] ================================================================== [ 3859.339695] ================================================================== [ 3859.340567] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 3859.341767] Write of size 8 at addr ffff8880479e7b48 by task kunit_try_catch/116217 [ 3859.343040] CPU: 0 PID: 116217 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3859.344663] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3859.345361] Call Trace: [ 3859.345676] [ 3859.345951] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 3859.346841] dump_stack_lvl+0x57/0x81 [ 3859.347299] print_address_description.constprop.0+0x1f/0x1e0 [ 3859.348000] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 3859.348891] print_report.cold+0x5c/0x237 [ 3859.349386] kasan_report+0xc9/0x100 [ 3859.349819] ? kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 3859.350680] kasan_check_range+0xfd/0x1e0 [ 3859.351189] kasan_bitops_test_and_modify.constprop.0+0x3a6/0x990 [test_kasan] [ 3859.352070] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 3859.352871] ? kunit_kfree+0x200/0x200 [kunit] [ 3859.353425] ? rcu_read_lock_sched_held+0x12/0x80 [ 3859.354009] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3859.354664] ? rcu_read_lock_held+0x30/0x50 [ 3859.355189] ? trace_kmalloc+0x3c/0x100 [ 3859.355668] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3859.356316] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 3859.357031] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3859.357921] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3859.358661] ? kunit_add_resource+0x197/0x280 [kunit] [ 3859.359385] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.359988] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3859.360608] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.361319] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3859.361925] kthread+0x2a4/0x350 [ 3859.362320] ? kthread_complete_and_exit+0x20/0x20 [ 3859.362914] ret_from_fork+0x1f/0x30 [ 3859.363374] [ 3859.363868] Allocated by task 116217: [ 3859.364318] kasan_save_stack+0x1e/0x40 [ 3859.364795] __kasan_kmalloc+0x81/0xa0 [ 3859.365259] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3859.365913] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.366512] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.367226] kthread+0x2a4/0x350 [ 3859.367652] ret_from_fork+0x1f/0x30 [ 3859.368303] The buggy address belongs to the object at ffff8880479e7b40 which belongs to the cache kmalloc-16 of size 16 [ 3859.369753] The buggy address is located 8 bytes inside of 16-byte region [ffff8880479e7b40, ffff8880479e7b50) [ 3859.371325] The buggy address belongs to the physical page: [ 3859.372000] page:000000000ed2cf28 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x479e7 [ 3859.373270] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3859.374110] raw: 000fffffc0000200 ffffea00011fe3c0 dead000000000002 ffff8881000413c0 [ 3859.375036] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3859.375957] page dumped because: kasan: bad access detected [ 3859.376904] Memory state around the buggy address: [ 3859.377510] ffff8880479e7a00: fa fb fc fc fa fb fc fc fb fb fc fc fb fb fc fc [ 3859.378409] ffff8880479e7a80: fa fb fc fc fa fb fc fc fb fb fc fc 00 00 fc fc [ 3859.379274] >ffff8880479e7b00: 00 00 fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 3859.380143] ^ [ 3859.380816] ffff8880479e7b80: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.381677] ffff8880479e7c00: fb fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.382602] ================================================================== [ 3859.383494] ================================================================== [ 3859.384366] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 3859.385591] Write of size 8 at addr ffff8880479e7b48 by task kunit_try_catch/116217 [ 3859.386728] CPU: 0 PID: 116217 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3859.388433] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3859.389143] Call Trace: [ 3859.389461] [ 3859.389736] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 3859.390609] dump_stack_lvl+0x57/0x81 [ 3859.391080] print_address_description.constprop.0+0x1f/0x1e0 [ 3859.391782] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 3859.392672] print_report.cold+0x5c/0x237 [ 3859.393162] kasan_report+0xc9/0x100 [ 3859.393600] ? kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 3859.394498] kasan_check_range+0xfd/0x1e0 [ 3859.395039] kasan_bitops_test_and_modify.constprop.0+0x44f/0x990 [test_kasan] [ 3859.395927] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 3859.396723] ? kunit_kfree+0x200/0x200 [kunit] [ 3859.397253] ? rcu_read_lock_sched_held+0x12/0x80 [ 3859.397846] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3859.398527] ? rcu_read_lock_held+0x30/0x50 [ 3859.399040] ? trace_kmalloc+0x3c/0x100 [ 3859.399519] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3859.400096] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 3859.400758] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3859.401646] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3859.402336] ? kunit_add_resource+0x197/0x280 [kunit] [ 3859.403270] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.403960] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3859.404621] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.405467] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3859.406230] kthread+0x2a4/0x350 [ 3859.406694] ? kthread_complete_and_exit+0x20/0x20 [ 3859.407274] ret_from_fork+0x1f/0x30 [ 3859.407726] [ 3859.408221] Allocated by task 116217: [ 3859.408675] kasan_save_stack+0x1e/0x40 [ 3859.409166] __kasan_kmalloc+0x81/0xa0 [ 3859.409631] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3859.410321] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.410921] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.411668] kthread+0x2a4/0x350 [ 3859.412055] ret_from_fork+0x1f/0x30 [ 3859.412716] The buggy address belongs to the object at ffff8880479e7b40 which belongs to the cache kmalloc-16 of size 16 [ 3859.414189] The buggy address is located 8 bytes inside of 16-byte region [ffff8880479e7b40, ffff8880479e7b50) [ 3859.415739] The buggy address belongs to the physical page: [ 3859.416407] page:000000000ed2cf28 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x479e7 [ 3859.417501] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3859.418364] raw: 000fffffc0000200 ffffea00011fe3c0 dead000000000002 ffff8881000413c0 [ 3859.419281] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3859.420180] page dumped because: kasan: bad access detected [ 3859.421058] Memory state around the buggy address: [ 3859.421645] ffff8880479e7a00: fa fb fc fc fa fb fc fc fb fb fc fc fb fb fc fc [ 3859.422535] ffff8880479e7a80: fa fb fc fc fa fb fc fc fb fb fc fc 00 00 fc fc [ 3859.423390] >ffff8880479e7b00: 00 00 fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 3859.424240] ^ [ 3859.424901] ffff8880479e7b80: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.425797] ffff8880479e7c00: fb fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.426652] ================================================================== [ 3859.427559] ================================================================== [ 3859.428478] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 3859.429668] Write of size 8 at addr ffff8880479e7b48 by task kunit_try_catch/116217 [ 3859.430790] CPU: 0 PID: 116217 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3859.432444] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3859.433289] Call Trace: [ 3859.433608] [ 3859.433911] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 3859.434807] dump_stack_lvl+0x57/0x81 [ 3859.435270] print_address_description.constprop.0+0x1f/0x1e0 [ 3859.436038] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 3859.436923] print_report.cold+0x5c/0x237 [ 3859.437420] kasan_report+0xc9/0x100 [ 3859.437866] ? kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 3859.438755] kasan_check_range+0xfd/0x1e0 [ 3859.439248] kasan_bitops_test_and_modify.constprop.0+0x4f9/0x990 [test_kasan] [ 3859.440160] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 3859.440959] ? kunit_kfree+0x200/0x200 [kunit] [ 3859.441507] ? rcu_read_lock_sched_held+0x12/0x80 [ 3859.442082] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3859.442755] ? rcu_read_lock_held+0x30/0x50 [ 3859.443262] ? trace_kmalloc+0x3c/0x100 [ 3859.443787] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3859.444346] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 3859.445026] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3859.445914] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3859.446607] ? kunit_add_resource+0x197/0x280 [kunit] [ 3859.447239] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.447887] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3859.448506] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.449240] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3859.449867] kthread+0x2a4/0x350 [ 3859.450272] ? kthread_complete_and_exit+0x20/0x20 [ 3859.450861] ret_from_fork+0x1f/0x30 [ 3859.451320] [ 3859.451856] Allocated by task 116217: [ 3859.452307] kasan_save_stack+0x1e/0x40 [ 3859.452782] __kasan_kmalloc+0x81/0xa0 [ 3859.453243] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3859.453895] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.454493] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.455224] kthread+0x2a4/0x350 [ 3859.455649] ret_from_fork+0x1f/0x30 [ 3859.456322] The buggy address belongs to the object at ffff8880479e7b40 which belongs to the cache kmalloc-16 of size 16 [ 3859.457805] The buggy address is located 8 bytes inside of 16-byte region [ffff8880479e7b40, ffff8880479e7b50) [ 3859.459359] The buggy address belongs to the physical page: [ 3859.460023] page:000000000ed2cf28 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x479e7 [ 3859.461121] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3859.461983] raw: 000fffffc0000200 ffffea00011fe3c0 dead000000000002 ffff8881000413c0 [ 3859.463052] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3859.463973] page dumped because: kasan: bad access detected [ 3859.464843] Memory state around the buggy address: [ 3859.465426] ffff8880479e7a00: fa fb fc fc fa fb fc fc fb fb fc fc fb fb fc fc [ 3859.466327] ffff8880479e7a80: fa fb fc fc fa fb fc fc fb fb fc fc 00 00 fc fc [ 3859.467190] >ffff8880479e7b00: 00 00 fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 3859.468050] ^ [ 3859.468767] ffff8880479e7b80: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.469777] ffff8880479e7c00: fb fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.470745] ================================================================== [ 3859.471743] ================================================================== [ 3859.472652] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 3859.473923] Read of size 8 at addr ffff8880479e7b48 by task kunit_try_catch/116217 [ 3859.475032] CPU: 0 PID: 116217 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3859.476640] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3859.477330] Call Trace: [ 3859.477661] [ 3859.477962] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 3859.478863] dump_stack_lvl+0x57/0x81 [ 3859.479317] print_address_description.constprop.0+0x1f/0x1e0 [ 3859.480158] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 3859.481387] print_report.cold+0x5c/0x237 [ 3859.482035] kasan_report+0xc9/0x100 [ 3859.482625] ? kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 3859.483803] kasan_check_range+0xfd/0x1e0 [ 3859.484469] kasan_bitops_test_and_modify.constprop.0+0x5a2/0x990 [test_kasan] [ 3859.485657] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 3859.486713] ? kunit_kfree+0x200/0x200 [kunit] [ 3859.487438] ? rcu_read_lock_sched_held+0x12/0x80 [ 3859.488183] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3859.488979] ? rcu_read_lock_held+0x30/0x50 [ 3859.489499] ? trace_kmalloc+0x3c/0x100 [ 3859.489982] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3859.490564] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 3859.491224] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3859.492109] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3859.492975] ? kunit_add_resource+0x197/0x280 [kunit] [ 3859.493601] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.494196] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3859.494811] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.495557] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3859.496184] kthread+0x2a4/0x350 [ 3859.496592] ? kthread_complete_and_exit+0x20/0x20 [ 3859.497214] ret_from_fork+0x1f/0x30 [ 3859.497672] [ 3859.498161] Allocated by task 116217: [ 3859.498628] kasan_save_stack+0x1e/0x40 [ 3859.499096] __kasan_kmalloc+0x81/0xa0 [ 3859.499575] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3859.500235] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.500870] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.501604] kthread+0x2a4/0x350 [ 3859.502006] ret_from_fork+0x1f/0x30 [ 3859.502657] The buggy address belongs to the object at ffff8880479e7b40 which belongs to the cache kmalloc-16 of size 16 [ 3859.504090] The buggy address is located 8 bytes inside of 16-byte region [ffff8880479e7b40, ffff8880479e7b50) [ 3859.505739] The buggy address belongs to the physical page: [ 3859.506406] page:000000000ed2cf28 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x479e7 [ 3859.507518] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3859.508335] raw: 000fffffc0000200 ffffea00011fe3c0 dead000000000002 ffff8881000413c0 [ 3859.509286] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3859.510235] page dumped because: kasan: bad access detected [ 3859.511158] Memory state around the buggy address: [ 3859.511775] ffff8880479e7a00: fa fb fc fc fa fb fc fc fb fb fc fc fb fb fc fc [ 3859.512640] ffff8880479e7a80: fa fb fc fc fa fb fc fc fb fb fc fc 00 00 fc fc [ 3859.513506] >ffff8880479e7b00: 00 00 fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 3859.514364] ^ [ 3859.515028] ffff8880479e7b80: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.515929] ffff8880479e7c00: fb fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.516789] ================================================================== [ 3859.517677] ================================================================== [ 3859.518537] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 3859.519765] Read of size 8 at addr ffff8880479e7b48 by task kunit_try_catch/116217 [ 3859.520876] CPU: 0 PID: 116217 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3859.522494] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3859.523313] Call Trace: [ 3859.523644] [ 3859.523948] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 3859.524849] dump_stack_lvl+0x57/0x81 [ 3859.525300] print_address_description.constprop.0+0x1f/0x1e0 [ 3859.525992] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 3859.526876] print_report.cold+0x5c/0x237 [ 3859.527371] kasan_report+0xc9/0x100 [ 3859.527855] ? kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 3859.528742] kasan_bitops_test_and_modify.constprop.0+0x984/0x990 [test_kasan] [ 3859.529608] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 3859.530404] ? kunit_kfree+0x200/0x200 [kunit] [ 3859.531001] ? rcu_read_lock_sched_held+0x12/0x80 [ 3859.531588] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3859.532234] ? rcu_read_lock_held+0x30/0x50 [ 3859.532760] ? trace_kmalloc+0x3c/0x100 [ 3859.533229] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3859.533809] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 3859.534471] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3859.535397] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3859.536084] ? kunit_add_resource+0x197/0x280 [kunit] [ 3859.536703] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.537296] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3859.537911] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.538659] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3859.539307] kthread+0x2a4/0x350 [ 3859.539734] ? kthread_complete_and_exit+0x20/0x20 [ 3859.540315] ret_from_fork+0x1f/0x30 [ 3859.540773] [ 3859.541259] Allocated by task 116217: [ 3859.541714] kasan_save_stack+0x1e/0x40 [ 3859.542182] __kasan_kmalloc+0x81/0xa0 [ 3859.542659] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3859.543335] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.543939] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.544687] kthread+0x2a4/0x350 [ 3859.545099] ret_from_fork+0x1f/0x30 [ 3859.545751] The buggy address belongs to the object at ffff8880479e7b40 which belongs to the cache kmalloc-16 of size 16 [ 3859.547225] The buggy address is located 8 bytes inside of 16-byte region [ffff8880479e7b40, ffff8880479e7b50) [ 3859.548776] The buggy address belongs to the physical page: [ 3859.549441] page:000000000ed2cf28 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x479e7 [ 3859.550534] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3859.551400] raw: 000fffffc0000200 ffffea00011fe3c0 dead000000000002 ffff8881000413c0 [ 3859.552309] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3859.553374] page dumped because: kasan: bad access detected [ 3859.554241] Memory state around the buggy address: [ 3859.554865] ffff8880479e7a00: fa fb fc fc fa fb fc fc fb fb fc fc fb fb fc fc [ 3859.555727] ffff8880479e7a80: fa fb fc fc fa fb fc fc fb fb fc fc 00 00 fc fc [ 3859.556586] >ffff8880479e7b00: 00 00 fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 3859.557445] ^ [ 3859.558108] ffff8880479e7b80: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.559022] ffff8880479e7c00: fb fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.559882] ================================================================== [ 3859.560758] ================================================================== [ 3859.561620] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 3859.562851] Write of size 8 at addr ffff8880479e7b48 by task kunit_try_catch/116217 [ 3859.563967] CPU: 0 PID: 116217 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3859.565576] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3859.566265] Call Trace: [ 3859.566578] [ 3859.566889] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 3859.567768] dump_stack_lvl+0x57/0x81 [ 3859.568221] print_address_description.constprop.0+0x1f/0x1e0 [ 3859.568997] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 3859.570058] print_report.cold+0x5c/0x237 [ 3859.570636] kasan_report+0xc9/0x100 [ 3859.571084] ? kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 3859.571985] kasan_check_range+0xfd/0x1e0 [ 3859.572494] kasan_bitops_test_and_modify.constprop.0+0x66e/0x990 [test_kasan] [ 3859.573375] ? kasan_bitops_modify.constprop.0+0x850/0x850 [test_kasan] [ 3859.574306] ? kunit_kfree+0x200/0x200 [kunit] [ 3859.574928] ? rcu_read_lock_sched_held+0x12/0x80 [ 3859.575578] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3859.576247] ? rcu_read_lock_held+0x30/0x50 [ 3859.576758] ? trace_kmalloc+0x3c/0x100 [ 3859.577229] ? kmem_cache_alloc_trace+0x1af/0x320 [ 3859.577874] kasan_bitops_generic+0x105/0x164 [test_kasan] [ 3859.578540] ? kasan_bitops_test_and_modify.constprop.0+0x990/0x990 [test_kasan] [ 3859.579426] ? kunit_unary_assert_format+0x1e0/0x1e0 [kunit] [ 3859.580112] ? kunit_add_resource+0x197/0x280 [kunit] [ 3859.580729] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.581320] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3859.581991] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.582869] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3859.587807] kthread+0x2a4/0x350 [ 3859.588217] ? kthread_complete_and_exit+0x20/0x20 [ 3859.588854] ret_from_fork+0x1f/0x30 [ 3859.589382] [ 3859.589932] Allocated by task 116217: [ 3859.590455] kasan_save_stack+0x1e/0x40 [ 3859.590981] __kasan_kmalloc+0x81/0xa0 [ 3859.591510] kasan_bitops_generic+0x86/0x164 [test_kasan] [ 3859.592276] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.592965] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.593717] kthread+0x2a4/0x350 [ 3859.594121] ret_from_fork+0x1f/0x30 [ 3859.594816] The buggy address belongs to the object at ffff8880479e7b40 which belongs to the cache kmalloc-16 of size 16 [ 3859.596498] The buggy address is located 8 bytes inside of 16-byte region [ffff8880479e7b40, ffff8880479e7b50) [ 3859.598214] The buggy address belongs to the physical page: [ 3859.598883] page:000000000ed2cf28 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x479e7 [ 3859.600029] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3859.600929] raw: 000fffffc0000200 ffffea00011fe3c0 dead000000000002 ffff8881000413c0 [ 3859.601863] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3859.602786] page dumped because: kasan: bad access detected [ 3859.603680] Memory state around the buggy address: [ 3859.604274] ffff8880479e7a00: fa fb fc fc fa fb fc fc fb fb fc fc fb fb fc fc [ 3859.605137] ffff8880479e7a80: fa fb fc fc fa fb fc fc fb fb fc fc 00 00 fc fc [ 3859.605997] >ffff8880479e7b00: 00 00 fc fc 00 00 fc fc 00 01 fc fc fa fb fc fc [ 3859.606896] ^ [ 3859.607562] ffff8880479e7b80: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.608417] ffff8880479e7c00: fb fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 3859.609272] ================================================================== [ 3859.612179] ok 45 - kasan_bitops_generic [ 3859.618967] ok 46 - kasan_bitops_tags # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 3859.619880] ================================================================== [ 3859.621688] BUG: KASAN: use-after-free in kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 3859.622682] Read of size 1 at addr ffff8880479e7980 by task kunit_try_catch/116219 [ 3859.623815] CPU: 0 PID: 116219 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3859.625424] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3859.626111] Call Trace: [ 3859.626425] [ 3859.626731] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 3859.627437] dump_stack_lvl+0x57/0x81 [ 3859.627890] print_address_description.constprop.0+0x1f/0x1e0 [ 3859.628591] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 3859.629282] print_report.cold+0x5c/0x237 [ 3859.629776] kasan_report+0xc9/0x100 [ 3859.630219] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 3859.630955] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 3859.631653] __kasan_check_byte+0x36/0x50 [ 3859.632143] kfree_sensitive+0x1b/0x60 [ 3859.632633] kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 3859.633332] ? vmalloc_oob+0x5e0/0x5e0 [test_kasan] [ 3859.633966] ? do_raw_spin_trylock+0xb5/0x180 [ 3859.634507] ? do_raw_spin_lock+0x270/0x270 [ 3859.635021] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3859.635746] ? kunit_add_resource+0x197/0x280 [kunit] [ 3859.636422] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.637017] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3859.637647] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.638414] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3859.639035] kthread+0x2a4/0x350 [ 3859.639445] ? kthread_complete_and_exit+0x20/0x20 [ 3859.640029] ret_from_fork+0x1f/0x30 [ 3859.640487] [ 3859.640973] Allocated by task 116219: [ 3859.641426] kasan_save_stack+0x1e/0x40 [ 3859.641938] __kasan_kmalloc+0x81/0xa0 [ 3859.642408] kmalloc_double_kzfree+0x9a/0x270 [test_kasan] [ 3859.643215] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.643837] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.644577] kthread+0x2a4/0x350 [ 3859.644981] ret_from_fork+0x1f/0x30 [ 3859.645650] Freed by task 116219: [ 3859.646083] kasan_save_stack+0x1e/0x40 [ 3859.646559] kasan_set_track+0x21/0x30 [ 3859.647050] kasan_set_free_info+0x20/0x40 [ 3859.647552] __kasan_slab_free+0x108/0x170 [ 3859.648050] slab_free_freelist_hook+0x11d/0x1d0 [ 3859.648617] kfree+0xe2/0x3c0 [ 3859.649000] kmalloc_double_kzfree+0x137/0x270 [test_kasan] [ 3859.649672] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.650274] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.651048] kthread+0x2a4/0x350 [ 3859.651458] ret_from_fork+0x1f/0x30 [ 3859.652112] The buggy address belongs to the object at ffff8880479e7980 which belongs to the cache kmalloc-16 of size 16 [ 3859.653555] The buggy address is located 0 bytes inside of 16-byte region [ffff8880479e7980, ffff8880479e7990) [ 3859.655152] The buggy address belongs to the physical page: [ 3859.655833] page:000000000ed2cf28 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x479e7 [ 3859.656928] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3859.657748] raw: 000fffffc0000200 ffffea00011fe3c0 dead000000000002 ffff8881000413c0 [ 3859.658695] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3859.659627] page dumped because: kasan: bad access detected [ 3859.660500] Memory state around the buggy address: [ 3859.661080] ffff8880479e7880: fa fb fc fc fb fb fc fc fb fb fc fc fa fb fc fc [ 3859.661942] ffff8880479e7900: fa fb fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 3859.662845] >ffff8880479e7980: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 3859.663707] ^ [ 3859.664111] ffff8880479e7a00: fa fb fc fc fa fb fc fc fb fb fc fc fb fb fc fc [ 3859.664975] ffff8880479e7a80: fa fb fc fc fa fb fc fc fb fb fc fc 00 00 fc fc [ 3859.665832] ================================================================== [ 3859.666770] ================================================================== [ 3859.667710] BUG: KASAN: double-free or invalid-free in kfree+0xe2/0x3c0 [ 3859.668847] CPU: 0 PID: 116219 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3859.670678] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3859.671484] Call Trace: [ 3859.671833] [ 3859.672139] dump_stack_lvl+0x57/0x81 [ 3859.672795] print_address_description.constprop.0+0x1f/0x1e0 [ 3859.673530] print_report.cold+0x5c/0x237 [ 3859.674019] ? kfree+0xe2/0x3c0 [ 3859.674420] ? kfree+0xe2/0x3c0 [ 3859.674859] kasan_report_invalid_free+0x99/0xc0 [ 3859.675429] ? kfree+0xe2/0x3c0 [ 3859.675847] ? kfree+0xe2/0x3c0 [ 3859.676289] __kasan_slab_free+0x152/0x170 [ 3859.676865] slab_free_freelist_hook+0x11d/0x1d0 [ 3859.677436] ? kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 3859.678132] kfree+0xe2/0x3c0 [ 3859.678514] ? __kasan_check_byte+0x36/0x50 [ 3859.679064] kmalloc_double_kzfree+0x1ad/0x270 [test_kasan] [ 3859.679738] ? vmalloc_oob+0x5e0/0x5e0 [test_kasan] [ 3859.680339] ? do_raw_spin_trylock+0xb5/0x180 [ 3859.680874] ? do_raw_spin_lock+0x270/0x270 [ 3859.681392] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3859.682071] ? kunit_add_resource+0x197/0x280 [kunit] [ 3859.682720] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.683324] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3859.683979] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.684719] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3859.685347] kthread+0x2a4/0x350 [ 3859.685753] ? kthread_complete_and_exit+0x20/0x20 [ 3859.686336] ret_from_fork+0x1f/0x30 [ 3859.686856] [ 3859.687530] Allocated by task 116219: [ 3859.688147] kasan_save_stack+0x1e/0x40 [ 3859.688774] __kasan_kmalloc+0x81/0xa0 [ 3859.689385] kmalloc_double_kzfree+0x9a/0x270 [test_kasan] [ 3859.690256] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.691054] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.692046] kthread+0x2a4/0x350 [ 3859.692612] ret_from_fork+0x1f/0x30 [ 3859.693487] Freed by task 116219: [ 3859.694026] kasan_save_stack+0x1e/0x40 [ 3859.694650] kasan_set_track+0x21/0x30 [ 3859.695252] kasan_set_free_info+0x20/0x40 [ 3859.695896] __kasan_slab_free+0x108/0x170 [ 3859.696402] slab_free_freelist_hook+0x11d/0x1d0 [ 3859.696978] kfree+0xe2/0x3c0 [ 3859.697361] kmalloc_double_kzfree+0x137/0x270 [test_kasan] [ 3859.698029] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.698650] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.699404] kthread+0x2a4/0x350 [ 3859.699807] ret_from_fork+0x1f/0x30 [ 3859.700460] The buggy address belongs to the object at ffff8880479e7980 which belongs to the cache kmalloc-16 of size 16 [ 3859.701969] The buggy address is located 0 bytes inside of 16-byte region [ffff8880479e7980, ffff8880479e7990) [ 3859.703685] The buggy address belongs to the physical page: [ 3859.704353] page:000000000ed2cf28 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x479e7 [ 3859.705488] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff) [ 3859.706302] raw: 000fffffc0000200 ffffea00011fe3c0 dead000000000002 ffff8881000413c0 [ 3859.707221] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 3859.708150] page dumped because: kasan: bad access detected [ 3859.709070] Memory state around the buggy address: [ 3859.709653] ffff8880479e7880: fa fb fc fc fb fb fc fc fb fb fc fc fa fb fc fc [ 3859.710512] ffff8880479e7900: fa fb fc fc fa fb fc fc fb fb fc fc fa fb fc fc [ 3859.711373] >ffff8880479e7980: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 3859.712269] ^ [ 3859.712705] ffff8880479e7a00: fa fb fc fc fa fb fc fc fb fb fc fc fb fb fc fc [ 3859.713564] ffff8880479e7a80: fa fb fc fc fa fb fc fc fb fb fc fc 00 00 fc fc [ 3859.714456] ================================================================== [ 3859.715919] ok 47 - kmalloc_double_kzfree [ 3859.716988] ok 48 - vmalloc_helpers_tags # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 3859.720038] ================================================================== [ 3859.721873] BUG: KASAN: out-of-bounds in vmalloc_oob+0x596/0x5e0 [test_kasan] [ 3859.722777] Read of size 1 at addr ffffc900000977f3 by task kunit_try_catch/116221 [ 3859.723886] CPU: 0 PID: 116221 Comm: kunit_try_catch Kdump: loaded Tainted: G B --------- --- 5.14.0-242.1941_756332622.el9.x86_64+debug #1 [ 3859.725495] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [ 3859.726183] Call Trace: [ 3859.726498] [ 3859.726816] ? vmalloc_oob+0x596/0x5e0 [test_kasan] [ 3859.727416] dump_stack_lvl+0x57/0x81 [ 3859.727870] print_address_description.constprop.0+0x1f/0x1e0 [ 3859.728567] ? vmalloc_oob+0x596/0x5e0 [test_kasan] [ 3859.729156] print_report.cold+0x5c/0x237 [ 3859.729650] kasan_report+0xc9/0x100 [ 3859.730094] ? vmalloc_oob+0x596/0x5e0 [test_kasan] [ 3859.730732] vmalloc_oob+0x596/0x5e0 [test_kasan] [ 3859.731313] ? kasan_global_oob_right+0x1f0/0x1f0 [test_kasan] [ 3859.732018] ? do_raw_spin_trylock+0xb5/0x180 [ 3859.732675] ? do_raw_spin_lock+0x270/0x270 [ 3859.733206] ? kunit_fail_assert_format+0x100/0x100 [kunit] [ 3859.733880] ? kunit_add_resource+0x197/0x280 [kunit] [ 3859.734502] kunit_try_run_case+0x108/0x1a0 [kunit] [ 3859.735149] ? kunit_catch_run_case+0xe0/0xe0 [kunit] [ 3859.735766] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit] [ 3859.736504] ? kunit_try_catch_throw+0x80/0x80 [kunit] [ 3859.737126] kthread+0x2a4/0x350 [ 3859.737535] ? kthread_complete_and_exit+0x20/0x20 [ 3859.738118] ret_from_fork+0x1f/0x30 [ 3859.738576] [ 3859.739109] The buggy address belongs to the virtual mapping at [ffffc90000097000, ffffc90000099000) created by: vmalloc_oob+0x78/0x5e0 [test_kasan] [ 3859.741212] The buggy address belongs to the physical page: [ 3859.741896] page:00000000356e95d5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x46b1 [ 3859.743026] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff) [ 3859.743802] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000 [ 3859.744718] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 3859.745636] page dumped because: kasan: bad access detected [ 3859.746509] Memory state around the buggy address: [ 3859.747129] ffffc90000097680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3859.747996] ffffc90000097700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3859.748857] >ffffc90000097780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 [ 3859.749714] ^ [ 3859.750531] ffffc90000097800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3859.751433] ffffc90000097880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 3859.752290] ================================================================== [ 3859.794124] # vmalloc_oob: EXPECTATION FAILED at lib/test_kasan.c:1131 KASAN failure expected in "((volatile char *)v_ptr)[size + 5]", but none occurred [ 3859.794295] not ok 49 - vmalloc_oob [ 3859.798985] ok 50 - vmap_tags # SKIP Test requires CONFIG_KASAN_SW_TAGS=y [ 3859.799735] ok 51 - vm_map_ram_tags # SKIP Test requires CONFIG_KASAN_SW_TAGS=y [ 3859.801946] ok 52 - vmalloc_percpu # SKIP Test requires CONFIG_KASAN_SW_TAGS=y [ 3859.804025] ok 53 - match_all_not_assigned # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 3859.806932] ok 54 - match_all_ptr_tag # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 3859.809030] ok 55 - match_all_mem_tag # SKIP Test requires CONFIG_KASAN_GENERIC=n [ 3859.810159] not ok 20 - kasan [ 3860.227021] # Subtest: linear-ranges-test [ 3860.227028] 1..4 [ 3860.244893] ok 1 - range_test_get_value_amount [ 3860.247015] ok 2 - range_test_get_selector_high [ 3860.248884] ok 3 - range_test_get_selector_low [ 3860.250920] ok 4 - range_test_get_value [ 3860.251526] ok 21 - linear-ranges-test [ 3860.401660] # Subtest: list_sort [ 3860.401669] 1..1 [ 3860.419628] ok 1 - list_sort_test [ 3860.419963] ok 22 - list_sort [ 3860.784501] # Subtest: time_test_cases [ 3860.784510] 1..1 [ 3865.738970] ok 1 - time64_to_tm_test_date_range [ 3865.741496] ok 23 - time_test_cases [ 3867.655620] systemd-journald[564]: Data hash table of /run/log/journal/418de3a8b0364558acd2b5016ba8999c/system.journal has a fill level at 75.0 (7003 of 9336 items, 5378048 file size, 767 bytes per hash table item), suggesting rotation. [ 3867.679290] systemd-journald[564]: /run/log/journal/418de3a8b0364558acd2b5016ba8999c/system.journal: Journal header limits reached or header out-of-date, rotating.